Merge pull request 'Alpha Release 0.0.9' (#82) from dev into main

Reviewed-on: #82
Reviewed-by: Philipp Dormann <philipp@philippdormann.de>

.drone.yml

@@ -11,7 +11,7 @@ steps:
       - git checkout $DRONE_SOURCE_BRANCH
       - mv .env.ci .env
   - name: run tests
-    image: node:alpine
+    image: node:14.15.1-alpine3.12
     commands:
       - yarn
       - yarn test:ci
@@ -37,11 +37,23 @@ steps:
       tags:
         - dev
       registry: registry.odit.services
-    when:
-      branch:
-        - dev
-      event:
-        - push
+  - name: run full license export
+    depends_on: ["clone"]
+    image: node:14.15.1-alpine3.12
+    commands:
+      - yarn
+      - yarn licenses:export
+  - name: push new licenses file to repo
+    depends_on: ["run full license export"]
+    image: appleboy/drone-git-push
+    settings:
+      branch: dev
+      commit: true
+      commit_message: new license file version [CI SKIP]
+      author_email: bot@odit.services
+      remote: git@git.odit.services:lfk/backend.git
+      ssh_key:
+        from_secret: GITLAB_SSHKEY
 
 trigger:
   branch:
@@ -90,11 +102,20 @@ steps:
         from_secret: DOCKER_REGISTRY_PASSWORD
       repo: registry.odit.services/lfk/backend
       tags:
-        - $DRONE_TAG
+        - '${DRONE_TAG}'
       registry: registry.odit.services
-
+  - name: trigger node lib build
+    image: idcooldi/drone-webhook
+    settings:
+      urls: https://ci.odit.services/api/repos/lfk/lfk-client-node/builds?SOURCE_TAG=${DRONE_TAG}
+      bearer:
+        from_secret: BOT_DRONE_KEY
+  - name: trigger js lib build
+    image: idcooldi/drone-webhook
+    settings:
+      urls: https://ci.odit.services/api/repos/lfk/lfk-client-js/builds?SOURCE_TAG=${DRONE_TAG}
+      bearer:
+        from_secret: BOT_DRONE_KEY
 trigger:
-  branch:
-    - main
   event:
-    - tag
+  - tag

.env.ci

@@ -5,4 +5,5 @@ DB_PORT=unused
 DB_USER=unused
 DB_PASSWORD=bla
 DB_NAME=./test.sqlite
-NODE_ENV=dev
+NODE_ENV=dev
+POSTALCODE_COUNTRYCODE=null

.env.example

@@ -5,4 +5,5 @@ DB_PORT=bla
 DB_USER=bla
 DB_PASSWORD=bla
 DB_NAME=bla
-NODE_ENV=production
+NODE_ENV=production
+POSTALCODE_COUNTRYCODE=null

.gitignore

@@ -132,4 +132,7 @@ build
 
 *.sqlite
 *.sqlite-jurnal
-docs
+/docs
+lib
+/oss-attribution
+*.tmp

package.json

@@ -1,6 +1,6 @@
 {
-  "name": "@lfk/backend",
-  "version": "1.0.0",
+  "name": "@odit/lfk-backend",
+  "version": "0.0.9",
   "main": "src/app.ts",
   "repository": "https://git.odit.services/lfk/backend",
   "author": {
@@ -28,8 +28,10 @@
     "class-validator": "^0.12.2",
     "class-validator-jsonschema": "^2.0.3",
     "consola": "^2.15.0",
+    "cookie": "^0.4.1",
     "cookie-parser": "^1.4.5",
     "cors": "^2.8.5",
+    "csvtojson": "^2.0.10",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
     "jsonwebtoken": "^8.5.1",
@@ -38,24 +40,27 @@
     "reflect-metadata": "^0.1.13",
     "routing-controllers": "^0.9.0-alpha.6",
     "routing-controllers-openapi": "^2.1.0",
-    "swagger-ui-express": "^4.1.5",
+    "sqlite3": "5.0.0",
     "typeorm": "^0.2.29",
     "typeorm-routing-controllers-extensions": "^0.2.0",
     "typeorm-seeding": "^1.6.1",
-    "sqlite3": "^5.0.0",
-    "uuid": "^8.3.1"
+    "uuid": "^8.3.1",
+    "validator": "^13.5.2"
   },
   "devDependencies": {
+    "@odit/license-exporter": "^0.0.8",
     "@types/cors": "^2.8.8",
+    "@types/csvtojson": "^1.1.5",
     "@types/express": "^4.17.9",
     "@types/jest": "^26.0.16",
     "@types/jsonwebtoken": "^8.5.0",
     "@types/node": "^14.14.9",
-    "@types/swagger-ui-express": "^4.1.2",
     "@types/uuid": "^8.3.0",
     "axios": "^0.21.0",
+    "cp-cli": "^2.0.0",
     "jest": "^26.6.3",
     "nodemon": "^2.0.6",
+    "rimraf": "^2.7.1",
     "start-server-and-test": "^1.11.6",
     "ts-jest": "^26.4.4",
     "ts-node": "^9.0.0",
@@ -64,12 +69,14 @@
   },
   "scripts": {
     "dev": "nodemon src/app.ts",
-    "build": "tsc",
+    "build": "rimraf ./dist && tsc && cp-cli ./src/static ./dist/static",
     "docs": "typedoc --out docs src",
     "test": "jest",
     "test:watch": "jest --watchAll",
-    "test:ci": "start-server-and-test dev http://localhost:4010/api/openapi.json test",
-    "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed"
+    "test:ci": "start-server-and-test dev http://localhost:4010/api/docs/openapi.json test",
+    "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
+    "openapi:export": "ts-node scripts/openapi_export.ts",
+    "licenses:export": "license-exporter --md"
   },
   "nodemonConfig": {
     "ignore": [
@@ -77,4 +84,4 @@
       "docs/*"
     ]
   }
-}
+}

scripts/openapi_export.ts

@@ -0,0 +1,73 @@
+import { validationMetadatasToSchemas } from 'class-validator-jsonschema';
+import consola from "consola";
+import fs from "fs";
+import "reflect-metadata";
+import { createExpressServer, getMetadataArgsStorage } from "routing-controllers";
+import { routingControllersToSpec } from 'routing-controllers-openapi';
+import { config } from '../src/config';
+import authchecker from "../src/middlewares/authchecker";
+import { ErrorHandler } from '../src/middlewares/ErrorHandler';
+
+const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';
+createExpressServer({
+    authorizationChecker: authchecker,
+    middlewares: [ErrorHandler],
+    development: config.development,
+    cors: true,
+    routePrefix: "/api",
+    controllers: [`${__dirname}/../src/controllers/*.${CONTROLLERS_FILE_EXTENSION}`],
+});
+
+const storage = getMetadataArgsStorage();
+const schemas = validationMetadatasToSchemas({
+    refPointerPrefix: "#/components/schemas/",
+});
+
+//Spec creation based on the previously created schemas
+const spec = routingControllersToSpec(
+    storage,
+    {
+        routePrefix: "/api"
+    },
+    {
+        components: {
+            schemas,
+            "securitySchemes": {
+                "AuthToken": {
+                    "type": "http",
+                    "scheme": "bearer",
+                    "bearerFormat": "JWT",
+                    description: "A JWT based access token. Use /api/auth/login or /api/auth/refresh to get one."
+                },
+                "RefreshTokenCookie": {
+                    "type": "apiKey",
+                    "in": "cookie",
+                    "name": "lfk_backend__refresh_token",
+                    description: "A cookie containing a JWT based refreh token. Attention: Doesn't work in swagger-ui. Use /api/auth/login or /api/auth/refresh to get one."
+                },
+                "StatsApiToken": {
+                    "type": "http",
+                    "scheme": "bearer",
+                    description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients). Only valid for obtaining stats."
+                },
+                "StationApiToken": {
+                    "type": "http",
+                    "scheme": "bearer",
+                    description: "Api token that can be obtained by creating a new scan station (post to /api/stations). Only valid for creating scans."
+                }
+            }
+        },
+        info: {
+            description: "The the backend API for the LfK! runner system.",
+            title: "LfK! Backend API",
+            version: "0.0.8",
+        },
+    }
+);
+
+try {
+    fs.writeFileSync("./openapi.json", JSON.stringify(spec), { encoding: "utf-8" });
+    consola.success("Exported openapi spec to openapi.json");
+} catch (error) {
+    consola.error("Couldn't export the openapi spec");
+}

src/app.ts

@@ -1,9 +1,9 @@
 import consola from "consola";
 import "reflect-metadata";
 import { createExpressServer } from "routing-controllers";
-import authchecker from "./authchecker";
 import { config, e as errors } from './config';
 import loaders from "./loaders/index";
+import authchecker from "./middlewares/authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';
 
 const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';

src/authchecker.ts

@@ -1,51 +0,0 @@
-import * as jwt from "jsonwebtoken";
-import { Action } from "routing-controllers";
-import { getConnectionManager } from 'typeorm';
-import { config } from './config';
-import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
-import { User } from './models/entities/User';
-// -----------
-const authchecker = async (action: Action, permissions: string | string[]) => {
-    let required_permissions = undefined
-    if (typeof permissions === "string") {
-        required_permissions = [permissions]
-    } else {
-        required_permissions = permissions
-    }
-    // const token = action.request.headers["authorization"];
-    const provided_token = action.request.query["auth"];
-    let jwtPayload = undefined
-    try {
-        jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
-    } catch (error) {
-        throw new IllegalJWTError()
-    }
-    const count = await getConnectionManager().get().getRepository(User).count({ id: jwtPayload["userdetails"]["id"], refreshTokenCount: jwtPayload["userdetails"]["refreshTokenCount"] })
-    if (count !== 1) {
-        throw new UserNonexistantOrRefreshtokenInvalidError()
-    }
-    if (jwtPayload.permissions) {
-        action.response.local = {}
-        action.response.local.jwtPayload = jwtPayload.permissions
-        required_permissions.forEach(r => {
-            const permission_key = r.split(":")[0]
-            const actual_accesslevel_for_permission = jwtPayload.permissions[permission_key]
-            const permission_access_level = r.split(":")[1]
-            if (actual_accesslevel_for_permission.includes(permission_access_level)) {
-                return true;
-            } else {
-                throw new NoPermissionError()
-            }
-        });
-    } else {
-        throw new NoPermissionError()
-    }
-    // 
-    try {
-        jwt.verify(provided_token, config.jwt_secret);
-        return true
-    } catch (error) {
-        return false
-    }
-}
-export default authchecker

src/config.ts

@@ -1,10 +1,13 @@
 import { config as configDotenv } from 'dotenv';
+import ValidatorJS from 'validator';
+
 configDotenv();
 export const config = {
     internal_port: parseInt(process.env.APP_PORT) || 4010,
     development: process.env.NODE_ENV === "production",
     jwt_secret: process.env.JWT_SECRET || "secretjwtsecret",
-    phone_validation_countrycode: process.env.PHONE_COUNTRYCODE || "ZZ"
+    phone_validation_countrycode: process.env.PHONE_COUNTRYCODE || "ZZ",
+    postalcode_validation_countrycode: getPostalCodeLocale()
 }
 let errors = 0
 if (typeof config.internal_port !== "number") {
@@ -19,4 +22,13 @@ if (config.phone_validation_countrycode.length !== 2) {
 if (typeof config.development !== "boolean") {
     errors++
 }
+function getPostalCodeLocale(): any {
+    try {
+        const stringArray: String[] = ValidatorJS.isPostalCodeLocales;
+        let index = stringArray.indexOf(process.env.POSTALCODE_COUNTRYCODE);
+        return ValidatorJS.isPostalCodeLocales[index];
+    } catch (error) {
+        return null;
+    }
+}
 export let e = errors

src/controllers/AuthController.ts

@@ -1,10 +1,12 @@
-import { Body, CookieParam, JsonController, Post, Res } from 'routing-controllers';
+import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
 import { UserNotFoundError } from '../errors/UserErrors';
 import { CreateAuth } from '../models/actions/CreateAuth';
+import { CreateResetToken } from '../models/actions/CreateResetToken';
 import { HandleLogout } from '../models/actions/HandleLogout';
 import { RefreshAuth } from '../models/actions/RefreshAuth';
+import { ResetPassword } from '../models/actions/ResetPassword';
 import { Auth } from '../models/responses/ResponseAuth';
 import { Logout } from '../models/responses/ResponseLogout';
 
@@ -20,7 +22,7 @@ export class AuthController {
 	@ResponseSchema(UsernameOrEmailNeededError)
 	@ResponseSchema(PasswordNeededError)
 	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Create a new access token object' })
+	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
 	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
 		let auth;
 		try {
@@ -40,7 +42,7 @@ export class AuthController {
 	@ResponseSchema(UsernameOrEmailNeededError)
 	@ResponseSchema(PasswordNeededError)
 	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Create a new access token object' })
+	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
 	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
 		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
 			handleLogout.token = refresh_token;
@@ -63,8 +65,8 @@ export class AuthController {
 	@ResponseSchema(IllegalJWTError)
 	@ResponseSchema(UserNotFoundError)
 	@ResponseSchema(RefreshTokenCountInvalidError)
-	@OpenAPI({ description: 'refresh a access token' })
-	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
+	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
+	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
 		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
 			refreshAuth.token = refresh_token;
 		}
@@ -78,4 +80,24 @@ export class AuthController {
 		}
 		return response.send(auth)
 	}
+
+	@Post("/reset")
+	@ResponseSchema(Auth)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
+	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
+		//This really shouldn't just get returned, but sent via mail or sth like that. But for dev only this is fine.
+		return { "resetToken": await passwordReset.toResetToken() };
+	}
+
+	@Post("/reset/:token")
+	@ResponseSchema(Auth)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
+	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
+		passwordReset.resetToken = token;
+		return await passwordReset.resetPassword();
+	}
 }

src/controllers/DonorController.ts

@@ -0,0 +1,105 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { DonorIdsNotMatchingError, DonorNotFoundError } from '../errors/DonorErrors';
+import { CreateDonor } from '../models/actions/CreateDonor';
+import { UpdateDonor } from '../models/actions/UpdateDonor';
+import { Donor } from '../models/entities/Donor';
+import { ResponseDonor } from '../models/responses/ResponseDonor';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+
+@JsonController('/donors')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class DonorController {
+	private donorRepository: Repository<Donor>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.donorRepository = getConnectionManager().get().getRepository(Donor);
+	}
+
+	@Get()
+	@Authorized("DONOR:GET")
+	@ResponseSchema(ResponseDonor, { isArray: true })
+	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
+	async getAll() {
+		let responseDonors: ResponseDonor[] = new Array<ResponseDonor>();
+		const donors = await this.donorRepository.find();
+		donors.forEach(donor => {
+			responseDonors.push(new ResponseDonor(donor));
+		});
+		return responseDonors;
+	}
+
+	@Get('/:id')
+	@Authorized("DONOR:GET")
+	@ResponseSchema(ResponseDonor)
+	@ResponseSchema(DonorNotFoundError, { statusCode: 404 })
+	@OnUndefined(DonorNotFoundError)
+	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
+	async getOne(@Param('id') id: number) {
+		let donor = await this.donorRepository.findOne({ id: id })
+		if (!donor) { throw new DonorNotFoundError(); }
+		return new ResponseDonor(donor);
+	}
+
+	@Post()
+	@Authorized("DONOR:CREATE")
+	@ResponseSchema(ResponseDonor)
+	@OpenAPI({ description: 'Create a new runner. <br> Please remeber to provide the runner\'s group\'s id.' })
+	async post(@Body({ validate: true }) createRunner: CreateDonor) {
+		let donor;
+		try {
+			donor = await createRunner.toDonor();
+		} catch (error) {
+			throw error;
+		}
+
+		donor = await this.donorRepository.save(donor)
+		return new ResponseDonor(await this.donorRepository.findOne(donor));
+	}
+
+	@Put('/:id')
+	@Authorized("DONOR:UPDATE")
+	@ResponseSchema(ResponseDonor)
+	@ResponseSchema(DonorNotFoundError, { statusCode: 404 })
+	@ResponseSchema(DonorIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the runner whose id you provided. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) donor: UpdateDonor) {
+		let oldDonor = await this.donorRepository.findOne({ id: id });
+
+		if (!oldDonor) {
+			throw new DonorNotFoundError();
+		}
+
+		if (oldDonor.id != donor.id) {
+			throw new DonorIdsNotMatchingError();
+		}
+
+		await this.donorRepository.save(await donor.updateDonor(oldDonor));
+		return new ResponseDonor(await this.donorRepository.findOne({ id: id }));
+	}
+
+	@Delete('/:id')
+	@Authorized("DONOR:DELETE")
+	@ResponseSchema(ResponseDonor)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete the runner whose id you provided. <br> If no runner with this id exists it will just return 204(no content).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let donor = await this.donorRepository.findOne({ id: id });
+		if (!donor) { return null; }
+		const responseDonor = await this.donorRepository.findOne(donor);
+
+		if (!donor) {
+			throw new DonorNotFoundError();
+		}
+
+		//TODO: DELETE DONATIONS AND WARN FOR FORCE (https://git.odit.services/lfk/backend/issues/66)
+
+		await this.donorRepository.delete(donor);
+		return new ResponseDonor(responseDonor);
+	}
+}

src/controllers/ImportController.ts

@@ -0,0 +1,102 @@
+import csv from 'csvtojson';
+import { Authorized, Body, ContentType, Controller, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { RunnerGroupNeededError } from '../errors/RunnerErrors';
+import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
+import RawBodyMiddleware from '../middlewares/RawBody';
+import { ImportRunner } from '../models/actions/ImportRunner';
+import { ResponseRunner } from '../models/responses/ResponseRunner';
+import { RunnerController } from './RunnerController';
+
+@Controller()
+@Authorized(["RUNNER:IMPORT", "TEAM:IMPORT"])
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class ImportController {
+    private runnerController: RunnerController;
+
+    /**
+     * Gets the repository of this controller's model/entity.
+     */
+    constructor() {
+        this.runnerController = new RunnerController();
+    }
+
+    @Post('/runners/import')
+    @ContentType("application/json")
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from json and insert them into the provided group. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
+    async postJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @QueryParam("group") groupID: number) {
+        if (!groupID) { throw new RunnerGroupNeededError(); }
+        let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
+        for await (let runner of importRunners) {
+            responseRunners.push(await this.runnerController.post(await runner.toCreateRunner(groupID)));
+        }
+        return responseRunners;
+    }
+
+    @Post('/organisations/:id/import')
+    @ContentType("application/json")
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from json and insert them into the provided org. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
+    async postOrgsJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @Param('id') id: number) {
+        return await this.postJSON(importRunners, id)
+    }
+
+    @Post('/teams/:id/import')
+    @ContentType("application/json")
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from json and insert them into the provided team" })
+    async postTeamsJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @Param('id') id: number) {
+        return await this.postJSON(importRunners, id)
+    }
+
+    @Post('/runners/import/csv')
+    @ContentType("application/json")
+    @UseBefore(RawBodyMiddleware)
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from csv and insert them into the provided group. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
+    async postCSV(@Req() request: any, @QueryParam("group") groupID: number) {
+        let csvParse = await csv({ delimiter: [",", ";"], trim: true }).fromString(request.rawBody.toString());
+        let importRunners: ImportRunner[] = new Array<ImportRunner>();
+        for await (let runner of csvParse) {
+            let newImportRunner = new ImportRunner();
+            newImportRunner.firstname = runner.firstname;
+            newImportRunner.middlename = runner.middlename;
+            newImportRunner.lastname = runner.lastname;
+            if (runner.class === undefined) { newImportRunner.team = runner.team; }
+            else { newImportRunner.class = runner.class; }
+            importRunners.push(newImportRunner);
+        }
+        return await this.postJSON(importRunners, groupID);
+    }
+
+    @Post('/organisations/:id/import/csv')
+    @ContentType("application/json")
+    @UseBefore(RawBodyMiddleware)
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from csv and insert them into the provided org. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
+    async postOrgsCSV(@Req() request: any, @Param("id") id: number) {
+        return await this.postCSV(request, id);
+    }
+
+    @Post('/teams/:id/import/csv')
+    @ContentType("application/json")
+    @UseBefore(RawBodyMiddleware)
+    @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
+    @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
+    @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
+    @OpenAPI({ description: "Create new runners from csv and insert them into the provided team" })
+    async postTeamsCSV(@Req() request: any, @Param("id") id: number) {
+        return await this.postCSV(request, id);
+    }
+}

src/controllers/PermissionController.ts

@@ -0,0 +1,118 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { PermissionIdsNotMatchingError, PermissionNeedsPrincipalError, PermissionNotFoundError } from '../errors/PermissionErrors';
+import { PrincipalNotFoundError } from '../errors/PrincipalErrors';
+import { CreatePermission } from '../models/actions/CreatePermission';
+import { UpdatePermission } from '../models/actions/UpdatePermission';
+import { Permission } from '../models/entities/Permission';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponsePermission } from '../models/responses/ResponsePermission';
+import { ResponsePrincipal } from '../models/responses/ResponsePrincipal';
+
+
+@JsonController('/permissions')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class PermissionController {
+    private permissionRepository: Repository<Permission>;
+
+    /**
+     * Gets the repository of this controller's model/entity.
+     */
+    constructor() {
+        this.permissionRepository = getConnectionManager().get().getRepository(Permission);
+    }
+
+    @Get()
+    @Authorized("PERMISSION:GET")
+    @ResponseSchema(ResponsePermission, { isArray: true })
+    @OpenAPI({ description: 'Lists all permissions for all users and groups.' })
+    async getAll() {
+        let responsePermissions: ResponsePermission[] = new Array<ResponsePermission>();
+        const permissions = await this.permissionRepository.find({ relations: ['principal'] });
+        permissions.forEach(permission => {
+            responsePermissions.push(new ResponsePermission(permission));
+        });
+        return responsePermissions;
+    }
+
+
+    @Get('/:id')
+    @Authorized("PERMISSION:GET")
+    @ResponseSchema(ResponsePermission)
+    @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
+    @OnUndefined(PermissionNotFoundError)
+    @OpenAPI({ description: 'Lists all information about the permission whose id got provided.' })
+    async getOne(@Param('id') id: number) {
+        let permission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
+        if (!permission) { throw new PermissionNotFoundError(); }
+        return new ResponsePermission(permission);
+    }
+
+
+    @Post()
+    @Authorized("PERMISSION:CREATE")
+    @ResponseSchema(ResponsePermission)
+    @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
+    @OpenAPI({ description: 'Create a new permission for a existing principal(user/group). <br> If a permission with this target, action and prinicpal already exists that permission will be returned instead of creating a new one.' })
+    async post(@Body({ validate: true }) createPermission: CreatePermission) {
+        let permission;
+        try {
+            permission = await createPermission.toPermission();
+        } catch (error) {
+            throw error;
+        }
+        let existingPermission = await this.permissionRepository.findOne({ target: permission.target, action: permission.action, principal: permission.principal }, { relations: ['principal'] });
+        if (existingPermission) { return new ResponsePermission(existingPermission); }
+
+        permission = await this.permissionRepository.save(permission);
+        permission = await this.permissionRepository.findOne(permission, { relations: ['principal'] });
+
+        return new ResponsePermission(permission);
+    }
+
+
+    @Put('/:id')
+    @Authorized("PERMISSION:UPDATE")
+    @ResponseSchema(ResponsePrincipal)
+    @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
+    @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
+    @ResponseSchema(PermissionIdsNotMatchingError, { statusCode: 406 })
+    @ResponseSchema(PermissionNeedsPrincipalError, { statusCode: 406 })
+    @OpenAPI({ description: "Update a permission object. <br> If updateing the permission object would result in duplicate permission (same target, action and principal) this permission will get deleted and the existing permission will be returned. <br> Please remember that ids can't be changed." })
+    async put(@Param('id') id: number, @Body({ validate: true }) permission: UpdatePermission) {
+        let oldPermission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
+
+        if (!oldPermission) {
+            throw new PermissionNotFoundError();
+        }
+
+        if (oldPermission.id != permission.id) {
+            throw new PermissionIdsNotMatchingError();
+        }
+        let existingPermission = await this.permissionRepository.findOne({ target: permission.target, action: permission.action, principal: permission.principal }, { relations: ['principal'] });
+        if (existingPermission) {
+            await this.remove(permission.id, true);
+            return new ResponsePermission(existingPermission);
+        }
+
+        await this.permissionRepository.save(await permission.updatePermission(oldPermission));
+
+        return new ResponsePermission(await this.permissionRepository.findOne({ id: permission.id }, { relations: ['principal'] }));
+    }
+
+    @Delete('/:id')
+    @Authorized("PERMISSION:DELETE")
+    @ResponseSchema(ResponsePermission)
+    @ResponseSchema(ResponseEmpty, { statusCode: 204 })
+    @OnUndefined(204)
+    @OpenAPI({ description: 'Deletes the permission whose id you provide. <br> If no permission with this id exists it will just return 204(no content).' })
+    async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+        let permission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
+        if (!permission) { return null; }
+
+        const responsePermission = new ResponsePermission(permission);
+        await this.permissionRepository.delete(permission);
+        return responsePermission;
+    }
+}

src/controllers/RunnerController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerGroupNeededError, RunnerIdsNotMatchingError, RunnerNotFoundError } from '../errors/RunnerErrors';
@@ -10,7 +10,7 @@ import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseRunner } from '../models/responses/ResponseRunner';
 
 @JsonController('/runners')
-//@Authorized('RUNNERS:read')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class RunnerController {
 	private runnerRepository: Repository<Runner>;
 
@@ -22,8 +22,9 @@ export class RunnerController {
 	}
 
 	@Get()
+	@Authorized("RUNNER:GET")
 	@ResponseSchema(ResponseRunner, { isArray: true })
-	@OpenAPI({ description: 'Lists all runners.' })
+	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
 	async getAll() {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
 		const runners = await this.runnerRepository.find({ relations: ['scans', 'group'] });
@@ -34,10 +35,11 @@ export class RunnerController {
 	}
 
 	@Get('/:id')
+	@Authorized("RUNNER:GET")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Returns a runner of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
 	async getOne(@Param('id') id: number) {
 		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group'] })
 		if (!runner) { throw new RunnerNotFoundError(); }
@@ -45,10 +47,11 @@ export class RunnerController {
 	}
 
 	@Post()
+	@Authorized("RUNNER:CREATE")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerGroupNeededError)
 	@ResponseSchema(RunnerGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new runner object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new runner. <br> Please remeber to provide the runner\'s group\'s id.' })
 	async post(@Body({ validate: true }) createRunner: CreateRunner) {
 		let runner;
 		try {
@@ -62,10 +65,11 @@ export class RunnerController {
 	}
 
 	@Put('/:id')
+	@Authorized("RUNNER:UPDATE")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runner object (id can't be changed)." })
+	@OpenAPI({ description: "Update the runner whose id you provided. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) runner: UpdateRunner) {
 		let oldRunner = await this.runnerRepository.findOne({ id: id }, { relations: ['group'] });
 
@@ -77,15 +81,16 @@ export class RunnerController {
 			throw new RunnerIdsNotMatchingError();
 		}
 
-		await this.runnerRepository.update(oldRunner, await runner.toRunner());
+		await this.runnerRepository.save(await runner.updateRunner(oldRunner));
 		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group'] }));
 	}
 
 	@Delete('/:id')
+	@Authorized("RUNNER:DELETE")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified runner (if it exists).' })
+	@OpenAPI({ description: 'Delete the runner whose id you provided. <br> If no runner with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let runner = await this.runnerRepository.findOne({ id: id });
 		if (!runner) { return null; }

src/controllers/RunnerOrganisationController.ts

@@ -1,9 +1,9 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
 import { RunnerOrganisationHasRunnersError, RunnerOrganisationHasTeamsError, RunnerOrganisationIdsNotMatchingError, RunnerOrganisationNotFoundError } from '../errors/RunnerOrganisationErrors';
 import { CreateRunnerOrganisation } from '../models/actions/CreateRunnerOrganisation';
+import { UpdateRunnerOrganisation } from '../models/actions/UpdateRunnerOrganisation';
 import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseRunnerOrganisation } from '../models/responses/ResponseRunnerOrganisation';
@@ -12,7 +12,7 @@ import { RunnerTeamController } from './RunnerTeamController';
 
 
 @JsonController('/organisations')
-//@Authorized('RUNNERS:read')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class RunnerOrganisationController {
 	private runnerOrganisationRepository: Repository<RunnerOrganisation>;
 
@@ -24,8 +24,9 @@ export class RunnerOrganisationController {
 	}
 
 	@Get()
+	@Authorized("ORGANISATION:GET")
 	@ResponseSchema(ResponseRunnerOrganisation, { isArray: true })
-	@OpenAPI({ description: 'Lists all runnerOrganisations.' })
+	@OpenAPI({ description: 'Lists all organisations. <br> This includes their address, contact and teams (if existing/associated).' })
 	async getAll() {
 		let responseTeams: ResponseRunnerOrganisation[] = new Array<ResponseRunnerOrganisation>();
 		const runners = await this.runnerOrganisationRepository.find({ relations: ['address', 'contact', 'teams'] });
@@ -36,10 +37,11 @@ export class RunnerOrganisationController {
 	}
 
 	@Get('/:id')
+	@Authorized("ORGANISATION:GET")
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerOrganisationNotFoundError)
-	@OpenAPI({ description: 'Returns a runnerOrganisation of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the organisation whose id got provided.' })
 	async getOne(@Param('id') id: number) {
 		let runnerOrg = await this.runnerOrganisationRepository.findOne({ id: id }, { relations: ['address', 'contact', 'teams'] });
 		if (!runnerOrg) { throw new RunnerOrganisationNotFoundError(); }
@@ -47,8 +49,9 @@ export class RunnerOrganisationController {
 	}
 
 	@Post()
+	@Authorized("ORGANISATION:CREATE")
 	@ResponseSchema(ResponseRunnerOrganisation)
-	@OpenAPI({ description: 'Create a new runnerOrganisation object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new organsisation.' })
 	async post(@Body({ validate: true }) createRunnerOrganisation: CreateRunnerOrganisation) {
 		let runnerOrganisation;
 		try {
@@ -63,34 +66,35 @@ export class RunnerOrganisationController {
 	}
 
 	@Put('/:id')
+	@Authorized("ORGANISATION:UPDATE")
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerOrganisationIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runnerOrganisation object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() runnerOrganisation: RunnerOrganisation) {
+	@OpenAPI({ description: "Update the organisation whose id you provided. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) updateOrganisation: UpdateRunnerOrganisation) {
 		let oldRunnerOrganisation = await this.runnerOrganisationRepository.findOne({ id: id });
 
 		if (!oldRunnerOrganisation) {
 			throw new RunnerOrganisationNotFoundError();
 		}
 
-		if (oldRunnerOrganisation.id != runnerOrganisation.id) {
+		if (oldRunnerOrganisation.id != updateOrganisation.id) {
 			throw new RunnerOrganisationIdsNotMatchingError();
 		}
 
-		await this.runnerOrganisationRepository.update(oldRunnerOrganisation, runnerOrganisation);
+		await this.runnerOrganisationRepository.save(await updateOrganisation.updateRunnerOrganisation(oldRunnerOrganisation));
 
-		runnerOrganisation = await this.runnerOrganisationRepository.findOne(runnerOrganisation, { relations: ['address', 'contact', 'teams'] });
-		return new ResponseRunnerOrganisation(runnerOrganisation);
+		return new ResponseRunnerOrganisation(await this.runnerOrganisationRepository.findOne(id, { relations: ['address', 'contact', 'teams'] }));
 	}
 
 	@Delete('/:id')
+	@Authorized("ORGANISATION:DELETE")
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@ResponseSchema(RunnerOrganisationHasTeamsError, { statusCode: 406 })
 	@ResponseSchema(RunnerOrganisationHasRunnersError, { statusCode: 406 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified runnerOrganisation (if it exists).' })
+	@OpenAPI({ description: 'Delete the organsisation whose id you provided. <br> If the organisation still has runners and/or teams associated this will fail. <br> To delete the organisation with all associated runners and teams set the force QueryParam to true (cascading deletion might take a while). <br> If no organisation with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let organisation = await this.runnerOrganisationRepository.findOne({ id: id });
 		if (!organisation) { return null; }

src/controllers/RunnerTeamController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerTeamHasRunnersError, RunnerTeamIdsNotMatchingError, RunnerTeamNotFoundError } from '../errors/RunnerTeamErrors';
@@ -11,7 +11,7 @@ import { RunnerController } from './RunnerController';
 
 
 @JsonController('/teams')
-//@Authorized('RUNNERS:read')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class RunnerTeamController {
 	private runnerTeamRepository: Repository<RunnerTeam>;
 
@@ -23,8 +23,9 @@ export class RunnerTeamController {
 	}
 
 	@Get()
+	@Authorized("TEAM:GET")
 	@ResponseSchema(ResponseRunnerTeam, { isArray: true })
-	@OpenAPI({ description: 'Lists all runnerTeams.' })
+	@OpenAPI({ description: 'Lists all teams. <br> This includes their parent organisation and contact (if existing/associated).' })
 	async getAll() {
 		let responseTeams: ResponseRunnerTeam[] = new Array<ResponseRunnerTeam>();
 		const runners = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
@@ -35,10 +36,11 @@ export class RunnerTeamController {
 	}
 
 	@Get('/:id')
+	@Authorized("TEAM:GET")
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerTeamNotFoundError)
-	@OpenAPI({ description: 'Returns a runnerTeam of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the team whose id got provided.' })
 	async getOne(@Param('id') id: number) {
 		let runnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
 		if (!runnerTeam) { throw new RunnerTeamNotFoundError(); }
@@ -46,8 +48,9 @@ export class RunnerTeamController {
 	}
 
 	@Post()
+	@Authorized("TEAM:CREATE")
 	@ResponseSchema(ResponseRunnerTeam)
-	@OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new organsisation. <br> Please remember to provide it\'s parent group\'s id.' })
 	async post(@Body({ validate: true }) createRunnerTeam: CreateRunnerTeam) {
 		let runnerTeam;
 		try {
@@ -63,10 +66,11 @@ export class RunnerTeamController {
 	}
 
 	@Put('/:id')
+	@Authorized("TEAM:UPDATE")
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerTeamIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runnerTeam object (id can't be changed)." })
+	@OpenAPI({ description: "Update the team whose id you provided. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) runnerTeam: UpdateRunnerTeam) {
 		let oldRunnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
 
@@ -78,17 +82,18 @@ export class RunnerTeamController {
 			throw new RunnerTeamIdsNotMatchingError();
 		}
 
-		await this.runnerTeamRepository.update(oldRunnerTeam, await runnerTeam.toRunnerTeam());
+		await this.runnerTeamRepository.save(await runnerTeam.updateRunnerTeam(oldRunnerTeam));
 
 		return new ResponseRunnerTeam(await this.runnerTeamRepository.findOne({ id: runnerTeam.id }, { relations: ['parentGroup', 'contact'] }));
 	}
 
 	@Delete('/:id')
+	@Authorized("TEAM:DELETE")
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@ResponseSchema(RunnerTeamHasRunnersError, { statusCode: 406 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified runnerTeam (if it exists).' })
+	@OpenAPI({ description: 'Delete the team whose id you provided. <br> If the team still has runners associated this will fail. <br> To delete the team with all associated runners set the force QueryParam to true (cascading deletion might take a while). <br> If no team with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let team = await this.runnerTeamRepository.findOne({ id: id });
 		if (!team) { return null; }

src/controllers/ScanController.ts

@@ -0,0 +1,110 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { RunnerNotFoundError } from '../errors/RunnerErrors';
+import { ScanIdsNotMatchingError, ScanNotFoundError } from '../errors/ScanErrors';
+import ScanAuth from '../middlewares/ScanAuth';
+import { CreateScan } from '../models/actions/CreateScan';
+import { CreateTrackScan } from '../models/actions/CreateTrackScan';
+import { UpdateScan } from '../models/actions/UpdateScan';
+import { Scan } from '../models/entities/Scan';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseScan } from '../models/responses/ResponseScan';
+import { ResponseTrackScan } from '../models/responses/ResponseTrackScan';
+
+@JsonController('/scans')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class ScanController {
+	private scanRepository: Repository<Scan>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.scanRepository = getConnectionManager().get().getRepository(Scan);
+	}
+
+	@Get()
+	@Authorized("SCAN:GET")
+	@ResponseSchema(ResponseScan, { isArray: true })
+	@ResponseSchema(ResponseTrackScan, { isArray: true })
+	@OpenAPI({ description: 'Lists all scans (normal or track) from all runners. <br> This includes the scan\'s runner\'s distance ran.' })
+	async getAll() {
+		let responseScans: ResponseScan[] = new Array<ResponseScan>();
+		const scans = await this.scanRepository.find({ relations: ['runner', 'runner.scans', 'runner.scans.track'] });
+		scans.forEach(scan => {
+			responseScans.push(scan.toResponse());
+		});
+		return responseScans;
+	}
+
+	@Get('/:id')
+	@Authorized("SCAN:GET")
+	@ResponseSchema(ResponseScan)
+	@ResponseSchema(ResponseTrackScan)
+	@ResponseSchema(ScanNotFoundError, { statusCode: 404 })
+	@OnUndefined(ScanNotFoundError)
+	@OpenAPI({ description: 'Lists all information about the scan whose id got provided. This includes the scan\'s runner\'s distance ran.' })
+	async getOne(@Param('id') id: number) {
+		let scan = await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'runner.scans', 'runner.scans.track'] })
+		if (!scan) { throw new ScanNotFoundError(); }
+		return scan.toResponse();
+	}
+
+	@Post()
+	@UseBefore(ScanAuth)
+	@ResponseSchema(ResponseScan)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new scan. <br> Please remeber to provide the scan\'s runner\'s id and distance for normal scans.', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+	async post(@Body({ validate: true }) createScan: CreateScan) {
+		let scan = await createScan.toScan();
+		scan = await this.scanRepository.save(scan);
+		return (await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner'] })).toResponse();
+	}
+
+	@Post("/trackscans")
+	@UseBefore(ScanAuth)
+	@ResponseSchema(ResponseScan)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new track scan. <br> This is just a alias for posting /scans', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+	async postTrackScans(@Body({ validate: true }) createScan: CreateTrackScan) {
+		return this.post(createScan);
+	}
+
+	@Put('/:id')
+	@Authorized("SCAN:UPDATE")
+	@ResponseSchema(ResponseScan)
+	@ResponseSchema(ScanNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@ResponseSchema(ScanIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the scan whose id you provided. <br> Please remember that ids can't be changed and distances must be positive." })
+	async put(@Param('id') id: number, @Body({ validate: true }) scan: UpdateScan) {
+		let oldScan = await this.scanRepository.findOne({ id: id });
+
+		if (!oldScan) {
+			throw new ScanNotFoundError();
+		}
+
+		if (oldScan.id != scan.id) {
+			throw new ScanIdsNotMatchingError();
+		}
+
+		await this.scanRepository.save(await scan.updateScan(oldScan));
+		return (await this.scanRepository.findOne({ id: id }, { relations: ['runner'] })).toResponse();
+	}
+
+	@Delete('/:id')
+	@Authorized("SCAN:DELETE")
+	@ResponseSchema(ResponseScan)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete the scan whose id you provided. <br> If no scan with this id exists it will just return 204(no content).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let scan = await this.scanRepository.findOne({ id: id });
+		if (!scan) { return null; }
+		const responseScan = await this.scanRepository.findOne({ id: scan.id }, { relations: ["runner"] });
+
+		await this.scanRepository.delete(scan);
+		return responseScan.toResponse();
+	}
+}

src/controllers/ScanStationController.ts

@@ -0,0 +1,108 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { ScanStationHasScansError, ScanStationIdsNotMatchingError, ScanStationNotFoundError } from '../errors/ScanStationErrors';
+import { TrackNotFoundError } from '../errors/TrackErrors';
+import { CreateScanStation } from '../models/actions/CreateScanStation';
+import { UpdateScanStation } from '../models/actions/UpdateScanStation';
+import { ScanStation } from '../models/entities/ScanStation';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseScanStation } from '../models/responses/ResponseScanStation';
+import { ScanController } from './ScanController';
+
+@JsonController('/stations')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class ScanStationController {
+	private stationRepository: Repository<ScanStation>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
+	}
+
+	@Get()
+	@Authorized("STATION:GET")
+	@ResponseSchema(ResponseScanStation, { isArray: true })
+	@OpenAPI({ description: 'Lists all stations. <br> This includes their associated tracks.' })
+	async getAll() {
+		let responseStations: ResponseScanStation[] = new Array<ResponseScanStation>();
+		const stations = await this.stationRepository.find({ relations: ['track'] });
+		stations.forEach(station => {
+			responseStations.push(station.toResponse());
+		});
+		return responseStations;
+	}
+
+	@Get('/:id')
+	@Authorized("STATION:GET")
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
+	@OnUndefined(ScanStationNotFoundError)
+	@OpenAPI({ description: 'Lists all information about the station whose id got provided. <br> This includes it\'s associated track.' })
+	async getOne(@Param('id') id: number) {
+		let scan = await this.stationRepository.findOne({ id: id }, { relations: ['track'] })
+		if (!scan) { throw new ScanStationNotFoundError(); }
+		return scan.toResponse();
+	}
+
+	@Post()
+	@Authorized("STATION:CREATE")
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new station. <br> Please remeber to provide the station\'s track\'s id. <br> Please also remember that the station key is only visibe on creation.' })
+	async post(@Body({ validate: true }) createStation: CreateScanStation) {
+		let newStation = await createStation.toEntity();
+		const station = await this.stationRepository.save(newStation);
+		let responseStation = (await this.stationRepository.findOne({ id: station.id }, { relations: ['track'] })).toResponse();
+		responseStation.key = newStation.cleartextkey;
+		return responseStation;
+	}
+
+	@Put('/:id')
+	@Authorized("STATION:UPDATE")
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
+	@ResponseSchema(ScanStationIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the station whose id you provided. <br> Please remember that only the description and enabled state can be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) station: UpdateScanStation) {
+		let oldStation = await this.stationRepository.findOne({ id: id });
+
+		if (!oldStation) {
+			throw new ScanStationNotFoundError();
+		}
+
+		if (oldStation.id != station.id) {
+			throw new ScanStationIdsNotMatchingError();
+		}
+
+		await this.stationRepository.save(await station.updateStation(oldStation));
+		return (await this.stationRepository.findOne({ id: id }, { relations: ['track'] })).toResponse();
+	}
+
+	@Delete('/:id')
+	@Authorized("STATION:DELETE")
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@ResponseSchema(ScanStationHasScansError, { statusCode: 406 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete the station whose id you provided. <br> If no station with this id exists it will just return 204(no content). <br> If the station still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with/created by this station - please disable it instead).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let station = await this.stationRepository.findOne({ id: id });
+		if (!station) { return null; }
+
+		const stationScans = (await this.stationRepository.findOne({ id: station.id }, { relations: ["scans"] })).scans;
+		if (stationScans.length != 0 && !force) {
+			throw new ScanStationHasScansError();
+		}
+		const scanController = new ScanController;
+		for (let scan of stationScans) {
+			scanController.remove(scan.id, force);
+		}
+
+		const responseStation = await this.stationRepository.findOne({ id: station.id }, { relations: ["track"] });
+		await this.stationRepository.delete(station);
+		return responseStation.toResponse();
+	}
+}

src/controllers/StatsClientController.ts

@@ -0,0 +1,75 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { StatsClientNotFoundError } from '../errors/StatsClientErrors';
+import { TrackNotFoundError } from "../errors/TrackErrors";
+import { CreateStatsClient } from '../models/actions/CreateStatsClient';
+import { StatsClient } from '../models/entities/StatsClient';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseStatsClient } from '../models/responses/ResponseStatsClient';
+
+@JsonController('/statsclients')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class StatsClientController {
+	private clientRepository: Repository<StatsClient>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.clientRepository = getConnectionManager().get().getRepository(StatsClient);
+	}
+
+	@Get()
+	@Authorized("STATSCLIENT:GET")
+	@ResponseSchema(ResponseStatsClient, { isArray: true })
+	@OpenAPI({ description: 'Lists all stats clients. Please remember that the key can only be viewed on creation.' })
+	async getAll() {
+		let responseClients: ResponseStatsClient[] = new Array<ResponseStatsClient>();
+		const clients = await this.clientRepository.find();
+		clients.forEach(clients => {
+			responseClients.push(new ResponseStatsClient(clients));
+		});
+		return responseClients;
+	}
+
+	@Get('/:id')
+	@Authorized("STATSCLIENT:GET")
+	@ResponseSchema(ResponseStatsClient)
+	@ResponseSchema(StatsClientNotFoundError, { statusCode: 404 })
+	@OnUndefined(StatsClientNotFoundError)
+	@OpenAPI({ description: "Lists all information about the stats client whose id got provided. Please remember that the key can only be viewed on creation." })
+	async getOne(@Param('id') id: number) {
+		let client = await this.clientRepository.findOne({ id: id });
+		if (!client) { throw new TrackNotFoundError(); }
+		return new ResponseStatsClient(client);
+	}
+
+	@Post()
+	@Authorized("STATSCLIENT:CREATE")
+	@ResponseSchema(ResponseStatsClient)
+	@OpenAPI({ description: "Create a new stats client. <br> Please remember that the client\'s key will be generated automaticly and that it can only be viewed on creation." })
+	async post(
+		@Body({ validate: true })
+		client: CreateStatsClient
+	) {
+		let newClient = await this.clientRepository.save(await client.toStatsClient());
+		let responseClient = new ResponseStatsClient(newClient);
+		responseClient.key = newClient.cleartextkey;
+		return responseClient;
+	}
+
+	@Delete('/:id')
+	@Authorized("STATSCLIENT:DELETE")
+	@ResponseSchema(ResponseStatsClient)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: "Delete the stats client whose id you provided. <br> If no client with this id exists it will just return 204(no content)." })
+	async remove(@Param("id") id: number) {
+		let client = await this.clientRepository.findOne({ id: id });
+		if (!client) { return null; }
+
+		await this.clientRepository.delete(client);
+		return new ResponseStatsClient(client);
+	}
+}

src/controllers/StatsController.ts

@@ -0,0 +1,124 @@
+import { Get, JsonController, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnection } from 'typeorm';
+import StatsAuth from '../middlewares/StatsAuth';
+import { Donation } from '../models/entities/Donation';
+import { Runner } from '../models/entities/Runner';
+import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
+import { RunnerTeam } from '../models/entities/RunnerTeam';
+import { Scan } from '../models/entities/Scan';
+import { User } from '../models/entities/User';
+import { ResponseStats } from '../models/responses/ResponseStats';
+import { ResponseStatsOrgnisation } from '../models/responses/ResponseStatsOrganisation';
+import { ResponseStatsRunner } from '../models/responses/ResponseStatsRunner';
+import { ResponseStatsTeam } from '../models/responses/ResponseStatsTeam';
+
+@JsonController('/stats')
+export class StatsController {
+
+    @Get()
+    @ResponseSchema(ResponseStats)
+    @OpenAPI({ description: "A very basic stats endpoint providing basic counters for a dashboard or simmilar" })
+    async get() {
+        let connection = getConnection();
+        let runners = await connection.getRepository(Runner).find({ relations: ['scans', 'scans.track'] });
+        let teams = await connection.getRepository(RunnerTeam).find();
+        let orgs = await connection.getRepository(RunnerOrganisation).find();
+        let users = await connection.getRepository(User).find();
+        let scans = await connection.getRepository(Scan).find();
+        let donations = await connection.getRepository(Donation).find({ relations: ['runner', 'runner.scans', 'runner.scans.track'] });
+        return new ResponseStats(runners, teams, orgs, users, scans, donations)
+    }
+
+    @Get("/runners/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByDistance() {
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
+        let topRunners = runners.sort((runner1, runner2) => runner1.distance - runner2.distance).slice(0, 9);
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topRunners.forEach(runner => {
+            responseRunners.push(new ResponseStatsRunner(runner));
+        });
+        return responseRunners;
+    }
+
+    @Get("/runners/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByDonations() {
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
+        let topRunners = runners.sort((runner1, runner2) => runner1.distanceDonationAmount - runner2.distanceDonationAmount).slice(0, 9);
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topRunners.forEach(runner => {
+            responseRunners.push(new ResponseStatsRunner(runner));
+        });
+        return responseRunners;
+    }
+
+    @Get("/scans")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten fastest track times (with their runner and the runner's group).", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByTrackTime() {
+        throw new Error("Not implemented yet.")
+    }
+
+    @Get("/teams/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsTeam, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten teams by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopTeamsByDistance() {
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let topTeams = teams.sort((team1, team2) => team1.distance - team2.distance).slice(0, 9);
+        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
+        topTeams.forEach(team => {
+            responseTeams.push(new ResponseStatsTeam(team));
+        });
+        return responseTeams;
+    }
+
+    @Get("/teams/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsTeam, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten teams by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopTeamsByDonations() {
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let topTeams = teams.sort((team1, team2) => team1.distanceDonationAmount - team2.distanceDonationAmount).slice(0, 9);
+        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
+        topTeams.forEach(team => {
+            responseTeams.push(new ResponseStatsTeam(team));
+        });
+        return responseTeams;
+    }
+
+    @Get("/organisations/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten organisations by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopOrgsByDistance() {
+        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        let topOrgs = orgs.sort((org1, org2) => org1.distance - org2.distance).slice(0, 9);
+        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
+        topOrgs.forEach(org => {
+            responseOrgs.push(new ResponseStatsOrgnisation(org));
+        });
+        return responseOrgs;
+    }
+
+    @Get("/organisations/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten organisations by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopOrgsByDonations() {
+        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        let topOrgs = orgs.sort((org1, org2) => org1.distanceDonationAmount - org2.distanceDonationAmount).slice(0, 9);
+        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
+        topOrgs.forEach(org => {
+            responseOrgs.push(new ResponseStatsOrgnisation(org));
+        });
+        return responseOrgs;
+    }
+}

src/controllers/StatusController.ts

@@ -0,0 +1,22 @@
+import { Get, JsonController } from 'routing-controllers';
+import { OpenAPI } from 'routing-controllers-openapi';
+import { getConnection } from 'typeorm';
+
+@JsonController('/status')
+export class StatusController {
+
+    @Get()
+    @OpenAPI({ description: "A very basic status/health endpoint that just checks if the database connection is available. <br> The available information depth will be expanded later." })
+    get() {
+        let connection;
+        try {
+            connection = getConnection();
+        } catch {
+            throw new Error("sth is wrong, i can feel it....");
+        }
+        return {
+            "controllers": "✔",
+            "database connection": "✔"
+        };
+    }
+}

src/controllers/TrackController.ts

@@ -1,15 +1,16 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
-import { TrackIdsNotMatchingError, TrackNotFoundError } from "../errors/TrackErrors";
+import { TrackHasScanStationsError, TrackIdsNotMatchingError, TrackLapTimeCantBeNegativeError, TrackNotFoundError } from "../errors/TrackErrors";
 import { CreateTrack } from '../models/actions/CreateTrack';
+import { UpdateTrack } from '../models/actions/UpdateTrack';
 import { Track } from '../models/entities/Track';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseTrack } from '../models/responses/ResponseTrack';
+import { ScanStationController } from './ScanStationController';
 
 @JsonController('/tracks')
-//@Authorized("TRACKS:read")
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class TrackController {
 	private trackRepository: Repository<Track>;
 
@@ -21,8 +22,9 @@ export class TrackController {
 	}
 
 	@Get()
+	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack, { isArray: true })
-	@OpenAPI({ description: "Lists all tracks." })
+	@OpenAPI({ description: 'Lists all tracks.' })
 	async getAll() {
 		let responseTracks: ResponseTrack[] = new Array<ResponseTrack>();
 		const tracks = await this.trackRepository.find();
@@ -33,10 +35,11 @@ export class TrackController {
 	}
 
 	@Get('/:id')
+	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@OnUndefined(TrackNotFoundError)
-	@OpenAPI({ description: "Returns a track of a specified id (if it exists)" })
+	@OpenAPI({ description: "Lists all information about the track whose id got provided." })
 	async getOne(@Param('id') id: number) {
 		let track = await this.trackRepository.findOne({ id: id });
 		if (!track) { throw new TrackNotFoundError(); }
@@ -44,8 +47,10 @@ export class TrackController {
 	}
 
 	@Post()
+	@Authorized("TRACK:CREATE")
 	@ResponseSchema(ResponseTrack)
-	@OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
+	@ResponseSchema(TrackLapTimeCantBeNegativeError, { statusCode: 406 })
+	@OpenAPI({ description: "Create a new track. <br> Please remember that the track\'s distance must be greater than 0." })
 	async post(
 		@Body({ validate: true })
 		track: CreateTrack
@@ -54,34 +59,46 @@ export class TrackController {
 	}
 
 	@Put('/:id')
+	@Authorized("TRACK:UPDATE")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@ResponseSchema(TrackIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a track object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() track: Track) {
+	@ResponseSchema(TrackLapTimeCantBeNegativeError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the track whose id you provided. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) updateTrack: UpdateTrack) {
 		let oldTrack = await this.trackRepository.findOne({ id: id });
 
 		if (!oldTrack) {
 			throw new TrackNotFoundError();
 		}
 
-		if (oldTrack.id != track.id) {
+		if (oldTrack.id != updateTrack.id) {
 			throw new TrackIdsNotMatchingError();
 		}
+		await this.trackRepository.save(await updateTrack.updateTrack(oldTrack));
 
-		await this.trackRepository.update(oldTrack, track);
-		return new ResponseTrack(track);
+		return new ResponseTrack(await this.trackRepository.findOne({ id: id }));
 	}
 
 	@Delete('/:id')
+	@Authorized("TRACK:DELETE")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: "Delete a specified track (if it exists)." })
-	async remove(@Param("id") id: number) {
+	@OpenAPI({ description: "Delete the track whose id you provided. <br> If no track with this id exists it will just return 204(no content)." })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let track = await this.trackRepository.findOne({ id: id });
 		if (!track) { return null; }
 
+		const trackStations = (await this.trackRepository.findOne({ id: id }, { relations: ["stations"] })).stations;
+		if (trackStations.length != 0 && !force) {
+			throw new TrackHasScanStationsError();
+		}
+		const scanController = new ScanStationController;
+		for (let station of trackStations) {
+			scanController.remove(station.id, force);
+		}
+
 		await this.trackRepository.delete(track);
 		return new ResponseTrack(track);
 	}

src/controllers/UserController.ts

@@ -1,15 +1,18 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
 import { UserIdsNotMatchingError, UserNotFoundError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/CreateUser';
+import { UpdateUser } from '../models/actions/UpdateUser';
 import { User } from '../models/entities/User';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseUser } from '../models/responses/ResponseUser';
+import { PermissionController } from './PermissionController';
 
 
 @JsonController('/users')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class UserController {
 	private userRepository: Repository<User>;
 
@@ -21,25 +24,35 @@ export class UserController {
 	}
 
 	@Get()
+	@Authorized("USER:GET")
 	@ResponseSchema(User, { isArray: true })
-	@OpenAPI({ description: 'Lists all users.' })
-	getAll() {
-		return this.userRepository.find();
+	@OpenAPI({ description: 'Lists all users. <br> This includes their groups and permissions directly granted to them (if existing/associated).' })
+	async getAll() {
+		let responseUsers: ResponseUser[] = new Array<ResponseUser>();
+		const users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] });
+		users.forEach(user => {
+			responseUsers.push(new ResponseUser(user));
+		});
+		return responseUsers;
 	}
 
 	@Get('/:id')
+	@Authorized("USER:GET")
 	@ResponseSchema(User)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserNotFoundError)
-	@OpenAPI({ description: 'Returns a user of a specified id (if it exists)' })
-	getOne(@Param('id') id: number) {
-		return this.userRepository.findOne({ id: id });
+	@OpenAPI({ description: 'Lists all information about the user whose id got provided. <br> Please remember that only permissions granted directly to the user will show up here, not permissions inherited from groups.' })
+	async getOne(@Param('id') id: number) {
+		let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups', 'groups.permissions'] })
+		if (!user) { throw new UserNotFoundError(); }
+		return new ResponseUser(user);
 	}
 
 	@Post()
+	@Authorized("USER:CREATE")
 	@ResponseSchema(User)
 	@ResponseSchema(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new user object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
 		try {
@@ -48,41 +61,48 @@ export class UserController {
 			throw error;
 		}
 
-		return this.userRepository.save(user);
+		user = await this.userRepository.save(user)
+		return new ResponseUser(await this.userRepository.findOne({ id: user.id }, { relations: ['permissions', 'groups'] }));
 	}
 
 	@Put('/:id')
+	@Authorized("USER:UPDATE")
 	@ResponseSchema(User)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a user object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() user: User) {
+	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });
 
 		if (!oldUser) {
 			throw new UserNotFoundError();
 		}
 
-		if (oldUser.id != user.id) {
+		if (oldUser.id != updateUser.id) {
 			throw new UserIdsNotMatchingError();
 		}
+		await this.userRepository.save(await updateUser.updateUser(oldUser));
 
-		await this.userRepository.update(oldUser, user);
-		return user;
+		return new ResponseUser(await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] }));
 	}
 
 	@Delete('/:id')
+	@Authorized("USER:DELETE")
 	@ResponseSchema(User)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified runner (if it exists).' })
-	async remove(@Param("id") id: number) {
+	@OpenAPI({ description: 'Delete the user whose id you provided. <br> If there are any permissions directly granted to the user they will get deleted as well. <br> If no user with this id exists it will just return 204(no content).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let user = await this.userRepository.findOne({ id: id });
-		if (!user) {
-			return null;
+		if (!user) { return null; }
+		const responseUser = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] });;
+
+		const permissionControler = new PermissionController();
+		for (let permission of responseUser.permissions) {
+			await permissionControler.remove(permission.id, true);
 		}
 
 		await this.userRepository.delete(user);
-		return user;
+		return new ResponseUser(responseUser);
 	}
 }

src/controllers/UserGroupController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
@@ -6,9 +6,12 @@ import { UserGroupIdsNotMatchingError, UserGroupNotFoundError } from '../errors/
 import { CreateUserGroup } from '../models/actions/CreateUserGroup';
 import { UserGroup } from '../models/entities/UserGroup';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseUserGroup } from '../models/responses/ResponseUserGroup';
+import { PermissionController } from './PermissionController';
 
 
 @JsonController('/usergroups')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class UserGroupController {
 	private userGroupsRepository: Repository<UserGroup>;
 
@@ -20,25 +23,28 @@ export class UserGroupController {
 	}
 
 	@Get()
+	@Authorized("USERGROUP:GET")
 	@ResponseSchema(UserGroup, { isArray: true })
-	@OpenAPI({ description: 'Lists all usergroups.' })
+	@OpenAPI({ description: 'Lists all groups. <br> The information provided might change while the project continues to evolve.' })
 	getAll() {
-		return this.userGroupsRepository.find();
+		return this.userGroupsRepository.find({ relations: ["permissions"] });
 	}
 
 	@Get('/:id')
+	@Authorized("USERGROUP:GET")
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Returns a usergroup of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the group whose id got provided. <br> The information provided might change while the project continues to evolve.' })
 	getOne(@Param('id') id: number) {
-		return this.userGroupsRepository.findOne({ id: id });
+		return this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
 	}
 
 	@Post()
+	@Authorized("USERGROUP:CREATE")
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new usergroup object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new group. <br> If you want to grant permissions to the group you have to create them seperately by posting to /api/permissions after creating the group.' })
 	async post(@Body({ validate: true }) createUserGroup: CreateUserGroup) {
 		let userGroup;
 		try {
@@ -51,12 +57,13 @@ export class UserGroupController {
 	}
 
 	@Put('/:id')
+	@Authorized("USERGROUP:UPDATE")
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a usergroup object (id can't be changed)." })
+	@OpenAPI({ description: "Update the group whose id you provided. <br> To change the permissions granted to the group please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @EntityFromBody() userGroup: UserGroup) {
-		let oldUserGroup = await this.userGroupsRepository.findOne({ id: id });
+		let oldUserGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
 
 		if (!oldUserGroup) {
 			throw new UserGroupNotFoundError()
@@ -66,22 +73,27 @@ export class UserGroupController {
 			throw new UserGroupIdsNotMatchingError();
 		}
 
-		await this.userGroupsRepository.update(oldUserGroup, userGroup);
+		await this.userGroupsRepository.save(userGroup);
 		return userGroup;
 	}
 
 	@Delete('/:id')
-	@ResponseSchema(UserGroup)
+	@Authorized("USERGROUP:DELETE")
+	@ResponseSchema(ResponseUserGroup)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified usergroup (if it exists).' })
-	async remove(@Param("id") id: number) {
-		let group = await this.userGroupsRepository.findOne({ id: id });
-		if (!group) {
-			return null;
+	@OpenAPI({ description: 'Delete the group whose id you provided. <br> If there are any permissions directly granted to the group they will get deleted as well. <br> Users associated with this group won\'t get deleted - just deassociated. <br> If no group with this id exists it will just return 204(no content).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let group = await this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
+		if (!group) { return null; }
+		const responseGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] });
+
+		const permissionControler = new PermissionController();
+		for (let permission of responseGroup.permissions) {
+			await permissionControler.remove(permission.id, true);
 		}
 
 		await this.userGroupsRepository.delete(group);
-		return group;
+		return new ResponseUserGroup(responseGroup);
 	}
 }

src/errors/AuthError.ts

@@ -1,63 +1,57 @@
 import { IsString } from 'class-validator';
 import { ForbiddenError, NotAcceptableError, NotFoundError, UnauthorizedError } from 'routing-controllers';
 
-/**
- * Error to throw when a jwt is expired.
- */
-export class ExpiredJWTError extends UnauthorizedError {
-	@IsString()
-	name = "ExpiredJWTError"
-
-	@IsString()
-	message = "your provided jwt is expired"
-}
-
 /**
  * Error to throw when a jwt could not be parsed.
+ * For example: Wrong signature or expired.
  */
 export class IllegalJWTError extends UnauthorizedError {
 	@IsString()
 	name = "IllegalJWTError"
 
 	@IsString()
-	message = "your provided jwt could not be parsed"
+	message = "Your provided jwt could not be parsed."
 }
 
 /**
  * Error to throw when user is nonexistant or refreshtoken is invalid.
+ * This can happen if someone provides a JWT with a invalid user id or the refreshTokenCount of the user is higher that the provided jwt's is.
  */
 export class UserNonexistantOrRefreshtokenInvalidError extends UnauthorizedError {
 	@IsString()
 	name = "UserNonexistantOrRefreshtokenInvalidError"
 
 	@IsString()
-	message = "user is nonexistant or refreshtoken is invalid"
+	message = "User is nonexistant or refreshtoken is invalid."
 }
 
 /**
  * Error to throw when provided credentials are invalid.
+ * We don't have seperate errors for username/mail and passwords to protect against guessing attacks.
  */
 export class InvalidCredentialsError extends UnauthorizedError {
 	@IsString()
 	name = "InvalidCredentialsError"
 
 	@IsString()
-	message = "your provided credentials are invalid"
+	message = "Your provided credentials are invalid."
 }
 
 /**
  * Error to throw when a jwt does not have permission for this route/action.
+ * Mainly used be the @Authorized decorator (via the authchecker).
  */
 export class NoPermissionError extends ForbiddenError {
 	@IsString()
 	name = "NoPermissionError"
 
 	@IsString()
-	message = "your provided jwt does not have permission for this route/ action"
+	message = "Your provided jwt does not have permission for this route/ action."
 }
 
 /**
  * Error to throw when no username and no email is set.
+ * Because we have to identify users somehow.
  */
 export class UsernameOrEmailNeededError extends NotAcceptableError {
 	@IsString()
@@ -68,47 +62,48 @@ export class UsernameOrEmailNeededError extends NotAcceptableError {
 }
 
 /**
- * Error to throw when no password is provided.
+ * Error to throw when no password is provided for a new user.
+ * Passwords are the minimum we need for user security.
  */
 export class PasswordNeededError extends NotAcceptableError {
 	@IsString()
 	name = "PasswordNeededError"
 
 	@IsString()
-	message = "no password is provided - you need to provide it"
+	message = "No password is provided - you need to provide it."
 }
 
 /**
- * Error to throw when no user could be found mating the provided credential.
+ * Error to throw when no user could be found for a certain query.
  */
 export class UserNotFoundError extends NotFoundError {
 	@IsString()
 	name = "UserNotFoundError"
 
 	@IsString()
-	message = "no user could be found for provided credential"
+	message = "The user you provided couldn't be located in the system. \n Please check your request."
 }
 
 /**
- * Error to throw when no jwt token was provided (but one had to be).
+ * Error to throw when no jwt was provided (but one had to be).
  */
 export class JwtNotProvidedError extends NotAcceptableError {
 	@IsString()
 	name = "JwtNotProvidedError"
 
 	@IsString()
-	message = "no jwt token was provided"
+	message = "No jwt was provided."
 }
 
 /**
- * Error to throw when user was not found or refresh token count was invalid.
+ * Error to throw when user was not found or the jwt's refresh token count was invalid.
  */
 export class UserNotFoundOrRefreshTokenCountInvalidError extends NotAcceptableError {
 	@IsString()
 	name = "UserNotFoundOrRefreshTokenCountInvalidError"
 
 	@IsString()
-	message = "user was not found or refresh token count was invalid"
+	message = "User was not found or the refresh token count is invalid."
 }
 
 /**
@@ -119,5 +114,27 @@ export class RefreshTokenCountInvalidError extends NotAcceptableError {
 	name = "RefreshTokenCountInvalidError"
 
 	@IsString()
-	message = "refresh token count was invalid"
+	message = "Refresh token count is invalid."
+}
+
+/**
+ * Error to throw when someone tryes to reset a user's password more than once in 15 minutes.
+ */
+export class ResetAlreadyRequestedError extends NotAcceptableError {
+	@IsString()
+	name = "ResetAlreadyRequestedError"
+
+	@IsString()
+	message = "You already requested a password reset in the last 15 minutes. \n Please wait until the old reset code expires before requesting a new one."
+}
+
+/**
+ * Error to throw when someone tries a disabled user's password or login as a disabled user.
+ */
+export class UserDisabledError extends NotAcceptableError {
+	@IsString()
+	name = "UserDisabledError"
+
+	@IsString()
+	message = "This user is currently disabled. \n Please contact your administrator if this is a mistake."
 }

src/errors/DonorErrors.ts

@@ -0,0 +1,36 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a donor couldn't be found.
+ */
+export class DonorNotFoundError extends NotFoundError {
+	@IsString()
+	name = "DonorNotFoundError"
+
+	@IsString()
+	message = "Donor not found!"
+}
+
+/**
+ * Error to throw when two donors' ids don't match.
+ * Usually occurs when a user tries to change a donor's id.
+ */
+export class DonorIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "DonorIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a donor's id: This isn't allowed!"
+}
+
+/**
+ * Error to throw when a donor needs a receipt, but no address is associated with them.
+ */
+export class DonorReceiptAddressNeededError extends NotAcceptableError {
+	@IsString()
+	name = "DonorReceiptAddressNeededError"
+
+	@IsString()
+	message = "An address is needed to create a receipt for a donor. \n You didn't provide one."
+}

src/errors/PermissionErrors.ts

@@ -0,0 +1,36 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a permission couldn't be found.
+ */
+export class PermissionNotFoundError extends NotFoundError {
+	@IsString()
+	name = "PermissionNotFoundError"
+
+	@IsString()
+	message = "Permission not found!"
+}
+
+/**
+ * Error to throw when two permissions' ids don't match.
+ * Usually occurs when a user tries to change a permission's id.
+ */
+export class PermissionIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "PermissionIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a permission's id: This isn't allowed!"
+}
+
+/**
+ * Error to throw when a permission gets provided without a principal.
+ */
+export class PermissionNeedsPrincipalError extends NotAcceptableError {
+	@IsString()
+	name = "PermissionNeedsPrincipalError"
+
+	@IsString()
+	message = "You provided no principal for this permission."
+}

src/errors/PrincipalErrors.ts

@@ -0,0 +1,24 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a user couldn't be found.
+ */
+export class PrincipalNotFoundError extends NotFoundError {
+	@IsString()
+	name = "PrincipalNotFoundError"
+
+	@IsString()
+	message = "Principal not found!"
+}
+
+/**
+ * Error to throw, when a provided runnerOrganisation doesn't belong to the accepted types.
+ */
+export class PrincipalWrongTypeError extends NotAcceptableError {
+	@IsString()
+	name = "PrincipalWrongTypeError"
+
+	@IsString()
+	message = "The princial must have an existing principal's id. \n You provided a object of another type."
+}

src/errors/RunnerErrors.ts

@@ -3,7 +3,6 @@ import { NotAcceptableError, NotFoundError } from 'routing-controllers';
 
 /**
  * Error to throw when a runner couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
  */
 export class RunnerNotFoundError extends NotFoundError {
 	@IsString()
@@ -16,14 +15,13 @@ export class RunnerNotFoundError extends NotFoundError {
 /**
  * Error to throw when two runners' ids don't match.
  * Usually occurs when a user tries to change a runner's id.
- * Implemented this ways to work with the json-schema conversion for openapi.
  */
 export class RunnerIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerIdsNotMatchingError"
 
 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a runner's id: This isn't allowed"
+	message = "The ids don't match! \n And if you wanted to change a runner's id: This isn't allowed!"
 }
 
 /**

src/errors/RunnerGroupErrors.ts

@@ -3,7 +3,6 @@ import { NotFoundError } from 'routing-controllers';
 
 /**
  * Error to throw when a runner group couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
  */
 export class RunnerGroupNotFoundError extends NotFoundError {
 	@IsString()

src/errors/RunnerOrganisationErrors.ts

@@ -3,7 +3,6 @@ import { NotAcceptableError, NotFoundError } from 'routing-controllers';
 
 /**
  * Error to throw when a runner organisation couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
  */
 export class RunnerOrganisationNotFoundError extends NotFoundError {
 	@IsString()
@@ -15,39 +14,36 @@ export class RunnerOrganisationNotFoundError extends NotFoundError {
 
 /**
  * Error to throw when two runner organisations' ids don't match.
- * Usually occurs when a user tries to change a runner's id.
- * Implemented this way to work with the json-schema conversion for openapi.
+ * Usually occurs when a user tries to change a runner organisation's id.
  */
 export class RunnerOrganisationIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerOrganisationIdsNotMatchingError"
 
 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a runner's id: This isn't allowed"
+	message = "The ids don't match! \n And if you wanted to change a runner organisation's id: This isn't allowed!"
 }
 
 /**
  * Error to throw when a organisation still has runners associated.
- * Implemented this waysto work with the json-schema conversion for openapi.
  */
 export class RunnerOrganisationHasRunnersError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerOrganisationHasRunnersError"
 
 	@IsString()
-	message = "This organisation still has runners associated with it. \n If you want to delete this organisation with all it's runners and teams ass `?force` to your query."
+	message = "This organisation still has runners associated with it. \n If you want to delete this organisation with all it's runners and teams add `?force` to your query."
 }
 
 /**
- * Error to throw when a organisation still has runners associated.
- * Implemented this waysto work with the json-schema conversion for openapi.
+ * Error to throw when a organisation still has teams associated.
  */
 export class RunnerOrganisationHasTeamsError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerOrganisationHasTeamsError"
 
 	@IsString()
-	message = "This organisation still has teams associated with it. \n If you want to delete this organisation with all it's runners and teams ass `?force` to your query."
+	message = "This organisation still has teams associated with it. \n If you want to delete this organisation with all it's runners and teams add `?force` to your query."
 }
 
 /**

src/errors/RunnerTeamErrors.ts

@@ -3,7 +3,6 @@ import { NotAcceptableError, NotFoundError } from 'routing-controllers';
 
 /**
  * Error to throw when a runner team couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
  */
 export class RunnerTeamNotFoundError extends NotFoundError {
 	@IsString()
@@ -15,32 +14,29 @@ export class RunnerTeamNotFoundError extends NotFoundError {
 
 /**
  * Error to throw when two runner teams' ids don't match.
- * Usually occurs when a user tries to change a runner's id.
- * Implemented this way to work with the json-schema conversion for openapi.
+ * Usually occurs when a user tries to change a runner team's id.
  */
 export class RunnerTeamIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerTeamIdsNotMatchingError"
 
 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a runner's id: This isn't allowed"
+	message = "The ids don't match! \n And if you wanted to change a runner's id: This isn't allowed!"
 }
 
 /**
  * Error to throw when a team still has runners associated.
- * Implemented this waysto work with the json-schema conversion for openapi.
  */
 export class RunnerTeamHasRunnersError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerTeamHasRunnersError"
 
 	@IsString()
-	message = "This team still has runners associated with it. \n If you want to delete this team with all it's runners and teams ass `?force` to your query."
+	message = "This team still has runners associated with it. \n If you want to delete this team with all it's runners and teams add `?force` to your query."
 }
 
 /**
  * Error to throw when a team still has runners associated.
- * Implemented this waysto work with the json-schema conversion for openapi.
  */
 export class RunnerTeamNeedsParentError extends NotAcceptableError {
 	@IsString()

src/errors/ScanErrors.ts

@@ -0,0 +1,25 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a Scan couldn't be found.
+ */
+export class ScanNotFoundError extends NotFoundError {
+	@IsString()
+	name = "ScanNotFoundError"
+
+	@IsString()
+	message = "Scan not found!"
+}
+
+/**
+ * Error to throw when two Scans' ids don't match.
+ * Usually occurs when a user tries to change a Scan's id.
+ */
+export class ScanIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "ScanIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a Scan's id: This isn't allowed!"
+}

src/errors/ScanStationErrors.ts

@@ -0,0 +1,36 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw, when a non-existant scan station get's loaded.
+ */
+export class ScanStationNotFoundError extends NotFoundError {
+	@IsString()
+	name = "ScanStationNotFoundError"
+
+	@IsString()
+	message = "The scan station you provided couldn't be located in the system. \n Please check your request."
+}
+
+/**
+ * Error to throw when two scan stations' ids don't match.
+ * Usually occurs when a user tries to change a scan station's id.
+ */
+export class ScanStationIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "ScanStationIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a scan station's id: This isn't allowed!"
+}
+
+/**
+ * Error to throw when a station still has scans associated.
+ */
+export class ScanStationHasScansError extends NotAcceptableError {
+	@IsString()
+	name = "ScanStationHasScansError"
+
+	@IsString()
+	message = "This station still has scans associated with it. \n If you want to delete this station with all it's scans add `?force` to your query."
+}

src/errors/StatsClientErrors.ts

@@ -0,0 +1,25 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw, when a non-existant stats client get's loaded.
+ */
+export class StatsClientNotFoundError extends NotFoundError {
+	@IsString()
+	name = "StatsClientNotFoundError"
+
+	@IsString()
+	message = "The stats client you provided couldn't be located in the system. \n Please check your request."
+}
+
+/**
+ * Error to throw when two stats clients' ids don't match.
+ * Usually occurs when a user tries to change a stats client's id.
+ */
+export class StatsClientIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "StatsClientIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a stats client's id: This isn't allowed!"
+}

src/errors/TrackErrors.ts

@@ -1,9 +1,8 @@
-import { JsonController, Param, Body, Get, Post, Put, Delete, NotFoundError, OnUndefined, NotAcceptableError } from 'routing-controllers';
-import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
 
 /**
  * Error to throw when a track couldn't be found.
- * Implemented this ways to work with the json-schema conversion for openapi.
  */
 export class TrackNotFoundError extends NotFoundError {
 	@IsString()
@@ -16,12 +15,30 @@ export class TrackNotFoundError extends NotFoundError {
 /**
  * Error to throw when two tracks' ids don't match.
  * Usually occurs when a user tries to change a track's id.
- * Implemented this ways to work with the json-schema conversion for openapi.
  */
 export class TrackIdsNotMatchingError extends NotAcceptableError {
 	@IsString()
 	name = "TrackIdsNotMatchingError"
 
 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a track's id: This isn't allowed"
+	message = "The ids don't match! \n And if you wanted to change a track's id: This isn't allowed"
+}
+
+/**
+ * Error to throw when a track's lap time is set to a negative value.
+ */
+export class TrackLapTimeCantBeNegativeError extends NotAcceptableError {
+	@IsString()
+	name = "TrackLapTimeCantBeNegativeError"
+
+	@IsString()
+	message = "The minimum lap time you provided is negative - That isn't possible. \n If you wanted to disable it: Just set it to 0/null."
+}
+
+export class TrackHasScanStationsError extends NotAcceptableError {
+	@IsString()
+	name = "TrackHasScanStationsError"
+
+	@IsString()
+	message = "This track still has stations associated with it. \n If you want to delete this track with all it's stations and scans add `?force` to your query."
 }

src/errors/UserErrors.ts

@@ -3,14 +3,15 @@ import { NotAcceptableError, NotFoundError } from 'routing-controllers';
 
 
 /**
- * Error to throw when no username or email is set
+ * Error to throw when no username or email is set.
+ * We somehow need to identify you :)
  */
 export class UsernameOrEmailNeededError extends NotFoundError {
 	@IsString()
 	name = "UsernameOrEmailNeededError"
 
 	@IsString()
-	message = "no username or email is set!"
+	message = "No username or email is set!"
 }
 
 /**
@@ -33,5 +34,5 @@ export class UserIdsNotMatchingError extends NotAcceptableError {
 	name = "UserIdsNotMatchingError"
 
 	@IsString()
-	message = "The id's don't match!! \n And if you wanted to change a user's id: This isn't allowed"
+	message = "The ids don't match!! \n And if you wanted to change a user's id: This isn't allowed!"
 }

src/errors/UserGroupErrors.ts

@@ -2,14 +2,14 @@ import { IsString } from 'class-validator';
 import { NotAcceptableError, NotFoundError } from 'routing-controllers';
 
 /**
- * Error to throw when no groupname is set
+ * Error to throw when no groupname is set.
  */
 export class GroupNameNeededError extends NotFoundError {
 	@IsString()
 	name = "GroupNameNeededError"
 
 	@IsString()
-	message = "no groupname is set!"
+	message = "No name is set for this group!"
 }
 
 /**
@@ -32,5 +32,5 @@ export class UserGroupIdsNotMatchingError extends NotAcceptableError {
 	name = "UserGroupIdsNotMatchingError"
 
 	@IsString()
-	message = "The id's don't match!! \n If you wanted to change a usergroup's id: This isn't allowed"
+	message = "The ids don't match!! \n If you wanted to change a usergroup's id: This isn't allowed!"
 }

src/jwtcreator.ts

@@ -0,0 +1,111 @@
+import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
+import * as jsonwebtoken from "jsonwebtoken";
+import { config } from './config';
+import { User } from './models/entities/User';
+
+/**
+ * This class is responsible for all things JWT creation.
+ */
+export class JwtCreator {
+    /**
+     * Creates a new refresh token for a given user
+     * @param user User entity that the refresh token shall be created for
+     * @param expiry_timestamp Timestamp for the token expiry. Will be generated if not provided.
+     */
+    public static createRefresh(user: User, expiry_timestamp?: number) {
+        if (!expiry_timestamp) { expiry_timestamp = Math.floor(Date.now() / 1000) + 10 * 36000; }
+        return jsonwebtoken.sign({
+            refreshTokenCount: user.refreshTokenCount,
+            id: user.id,
+            exp: expiry_timestamp
+        }, config.jwt_secret)
+    }
+
+    /**
+     * Creates a new access token for a given user
+     * @param user User entity that the access token shall be created for
+     * @param expiry_timestamp Timestamp for the token expiry. Will be generated if not provided.
+     */
+    public static createAccess(user: User, expiry_timestamp?: number) {
+        if (!expiry_timestamp) { expiry_timestamp = Math.floor(Date.now() / 1000) + 10 * 36000; }
+        return jsonwebtoken.sign({
+            userdetails: new JwtUser(user),
+            exp: expiry_timestamp
+        }, config.jwt_secret)
+    }
+
+    /**
+     * Creates a new password reset token for a given user.
+     * The token is valid for 15 minutes or 1 use - whatever comes first.
+     * @param user User entity that the password reset token shall be created for
+     */
+    public static createReset(user: User) {
+        let expiry_timestamp = Math.floor(Date.now() / 1000) + 15 * 60;
+        return jsonwebtoken.sign({
+            id: user.id,
+            refreshTokenCount: user.refreshTokenCount,
+            exp: expiry_timestamp
+        }, config.jwt_secret)
+    }
+}
+
+/**
+ * Special variant of the user class that 
+ */
+export class JwtUser {
+    @IsInt()
+    id: number;
+
+    @IsUUID(4)
+    uuid: string;
+
+    @IsOptional()
+    @IsEmail()
+    email?: string;
+
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    @IsString()
+    @IsNotEmpty()
+    firstname: string;
+
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    @IsString()
+    @IsNotEmpty()
+    lastname: string;
+
+    permissions: string[];
+
+    @IsBoolean()
+    enabled: boolean;
+
+    @IsInt()
+    @IsNotEmpty()
+    refreshTokenCount?: number;
+
+    @IsString()
+    @IsOptional()
+    profilePic?: string;
+
+    /**
+     * Creates a new instance of this class based on a provided user entity.
+     * @param user User entity that shall be encapsulated in a jwt.
+     */
+    public constructor(user: User) {
+        this.id = user.id;
+        this.firstname = user.firstname;
+        this.middlename = user.middlename;
+        this.lastname = user.lastname;
+        this.username = user.username;
+        this.email = user.email;
+        this.refreshTokenCount = user.refreshTokenCount;
+        this.uuid = user.uuid;
+        this.profilePic = user.profilePic;
+        this.permissions = user.allPermissions;
+    }
+}

src/loaders/database.ts

@@ -4,6 +4,7 @@ import { User } from '../models/entities/User';
 import SeedUsers from '../seeds/SeedUsers';
 /**
  * Loader for the database that creates the database connection and initializes the database tabels.
+ * It also triggers the seeding process if no users got detected in the database.
  */
 export default async () => {
     const connection = await createConnection();

src/loaders/express.ts

@@ -2,10 +2,12 @@ import cookieParser from "cookie-parser";
 import { Application } from "express";
 /**
  * Loader for express related configurations.
- * Currently only enables the proxy trust.
+ * Configures proxy trusts, globally used middlewares and other express features.
  */
 export default async (app: Application) => {
 	app.enable('trust proxy');
+	app.disable('x-powered-by');
+	app.disable('x-served-by');
 	app.use(cookieParser());
 	return app;
 };

src/loaders/index.ts

@@ -5,6 +5,7 @@ import openapiLoader from "./openapi";
 
 /**
  * Index Loader that executes the other loaders in the right order.
+ * This basicly exists for abstraction and a overall better dev experience.
  */
 export default async (app: Application) => {
     await databaseLoader();

src/loaders/openapi.ts

@@ -1,11 +1,12 @@
 import { validationMetadatasToSchemas } from "class-validator-jsonschema";
-import { Application } from "express";
+import express, { Application } from "express";
+import path from 'path';
 import { getMetadataArgsStorage } from "routing-controllers";
 import { routingControllersToSpec } from "routing-controllers-openapi";
-import * as swaggerUiExpress from "swagger-ui-express";
 
 /**
- * Loader for everything openapi related - from creating the schema to serving it via a static route.
+ * Loader for everything openapi related - from creating the schema to serving it via a static route and swaggerUiExpress.
+ * All auth schema related stuff also has to be configured here
  */
 export default async (app: Application) => {
   const storage = getMetadataArgsStorage();
@@ -26,29 +27,37 @@ export default async (app: Application) => {
           "AuthToken": {
             "type": "http",
             "scheme": "bearer",
-            "bearerFormat": "JWT"
+            "bearerFormat": "JWT",
+            description: "A JWT based access token. Use /api/auth/login or /api/auth/refresh to get one."
+          },
+          "RefreshTokenCookie": {
+            "type": "apiKey",
+            "in": "cookie",
+            "name": "lfk_backend__refresh_token",
+            description: "A cookie containing a JWT based refreh token. Attention: Doesn't work in swagger-ui. Use /api/auth/login or /api/auth/refresh to get one."
+          },
+          "StatsApiToken": {
+            "type": "http",
+            "scheme": "bearer",
+            description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients). Only valid for obtaining stats."
+          },
+          "StationApiToken": {
+            "type": "http",
+            "scheme": "bearer",
+            description: "Api token that can be obtained by creating a new scan station (post to /api/stations). Only valid for creating scans."
           }
         }
       },
       info: {
         description: "The the backend API for the LfK! runner system.",
         title: "LfK! Backend API",
-        version: "1.0.0",
+        version: "0.0.8",
       },
     }
   );
-
-  //Options for swaggerUiExpress
-  const options = {
-    explorer: true,
-  };
-  app.use(
-    "/api/docs",
-    swaggerUiExpress.serve,
-    swaggerUiExpress.setup(spec, options)
-  );
-  app.get(["/api/openapi.json", "/api/swagger.json"], (req, res) => {
+  app.get(["/api/docs/openapi.json", "/api/docs/swagger.json"], (req, res) => {
     res.json(spec);
   });
+  app.use('/api/docs', express.static(path.join(__dirname, '../static/docs'), { index: "index.html", extensions: ['html'] }));
   return app;
 };

src/middlewares/ErrorHandler.ts

@@ -1,7 +1,7 @@
 import { ExpressErrorMiddlewareInterface, Middleware } from "routing-controllers";
 
 /**
- * Our Error handling middlware that returns our custom httperrors to the user
+ * Our Error handling middlware that returns our custom httperrors to the user.
  */
 @Middleware({ type: "after" })
 export class ErrorHandler implements ExpressErrorMiddlewareInterface {

src/middlewares/RawBody.ts

@@ -0,0 +1,23 @@
+import { Request, Response } from 'express';
+
+/**
+ * Custom express middleware that appends the raw body to the request obeject.
+ * Mainly used for parsing csvs from boddies.
+ */
+
+const RawBodyMiddleware = (req: Request, res: Response, next: () => void) => {
+    const body = []
+    req.on('data', chunk => {
+        body.push(chunk)
+    })
+    req.on('end', () => {
+        const rawBody = Buffer.concat(body)
+        req['rawBody'] = rawBody
+        next()
+    })
+    req.on('error', () => {
+        res.sendStatus(400)
+    })
+}
+
+export default RawBodyMiddleware

src/middlewares/ScanAuth.ts

@@ -0,0 +1,68 @@
+import * as argon2 from "argon2";
+import { Request, Response } from 'express';
+import { getConnectionManager } from 'typeorm';
+import { ScanStation } from '../models/entities/ScanStation';
+import authchecker from './authchecker';
+
+/**
+ * This middleware handels the authentification of scan station api tokens.
+ * The tokens have to be provided via Bearer auth header.
+ * @param req Express request object.
+ * @param res Express response object.
+ * @param next Next function to call on success.
+ */
+const ScanAuth = async (req: Request, res: Response, next: () => void) => {
+    let provided_token: string = req.headers["authorization"];
+    if (provided_token == "" || provided_token === undefined || provided_token === null) {
+        res.status(401).send("No api token provided.");
+        return;
+    }
+
+    try {
+        provided_token = provided_token.replace("Bearer ", "");
+    } catch (error) {
+        res.status(401).send("No valid jwt or api token provided.");
+        return;
+    }
+
+    let prefix = "";
+    try {
+        prefix = provided_token.split(".")[0];
+    }
+    finally {
+        if (prefix == "" || prefix == undefined || prefix == null) {
+            res.status(401).send("Api token non-existant or invalid syntax.");
+            return;
+        }
+    }
+
+    const station = await getConnectionManager().get().getRepository(ScanStation).findOne({ prefix: prefix });
+    if (!station) {
+        let user_authorized = false;
+        try {
+            let action = { request: req, response: res, context: null, next: next }
+            user_authorized = await authchecker(action, ["SCAN:CREATE"]);
+        }
+        finally {
+            if (user_authorized == false) {
+                res.status(401).send("Api token non-existant or invalid syntax.");
+                return;
+            }
+            else {
+                next();
+            }
+        }
+    }
+    else {
+        if (station.enabled == false) {
+            res.status(401).send("Station disabled.");
+        }
+        if (!(await argon2.verify(station.key, provided_token))) {
+            res.status(401).send("Api token invalid.");
+            return;
+        }
+
+        next();
+    }
+}
+export default ScanAuth;

src/middlewares/StatsAuth.ts

@@ -0,0 +1,65 @@
+import * as argon2 from "argon2";
+import { Request, Response } from 'express';
+import { getConnectionManager } from 'typeorm';
+import { StatsClient } from '../models/entities/StatsClient';
+import authchecker from './authchecker';
+
+/**
+ * This middleware handels the authentification of stats client api tokens.
+ * The tokens have to be provided via Bearer auth header.
+ * @param req Express request object.
+ * @param res Express response object.
+ * @param next Next function to call on success.
+ */
+const StatsAuth = async (req: Request, res: Response, next: () => void) => {
+    let provided_token: string = req.headers["authorization"];
+    if (provided_token == "" || provided_token === undefined || provided_token === null) {
+        res.status(401).send("No api token provided.");
+        return;
+    }
+
+    try {
+        provided_token = provided_token.replace("Bearer ", "");
+    } catch (error) {
+        res.status(401).send("No valid jwt or api token provided.");
+        return;
+    }
+
+    let prefix = "";
+    try {
+        prefix = provided_token.split(".")[0];
+    }
+    finally {
+        if (prefix == "" || prefix == undefined || prefix == null) {
+            res.status(401).send("Api token non-existant or invalid syntax.");
+            return;
+        }
+    }
+
+    const client = await getConnectionManager().get().getRepository(StatsClient).findOne({ prefix: prefix });
+    if (!client) {
+        let user_authorized = false;
+        try {
+            let action = { request: req, response: res, context: null, next: next }
+            user_authorized = await authchecker(action, ["RUNNER:GET", "TEAM:GET", "ORGANISATION:GET"]);
+        }
+        finally {
+            if (user_authorized == false) {
+                res.status(401).send("Api token non-existant or invalid syntax.");
+                return;
+            }
+            else {
+                next();
+            }
+        }
+    }
+    else {
+        if (!(await argon2.verify(client.key, provided_token))) {
+            res.status(401).send("Api token invalid.");
+            return;
+        }
+
+        next();
+    }
+}
+export default StatsAuth;

src/middlewares/authchecker.ts

@@ -0,0 +1,74 @@
+import cookie from "cookie";
+import * as jwt from "jsonwebtoken";
+import { Action } from "routing-controllers";
+import { getConnectionManager } from 'typeorm';
+import { config } from '../config';
+import { IllegalJWTError, NoPermissionError, UserDisabledError, UserNonexistantOrRefreshtokenInvalidError } from '../errors/AuthError';
+import { JwtCreator, JwtUser } from '../jwtcreator';
+import { User } from '../models/entities/User';
+
+/**
+ * Handels authorisation verification via jwt's for all api endpoints using the @Authorized decorator.
+ * @param action Routing-Controllers action object that provides request and response objects among other stuff.
+ * @param permissions The permissions that the endpoint using @Authorized requires.
+ */
+const authchecker = async (action: Action, permissions: string[] | string) => {
+    let required_permissions = undefined;
+    if (typeof permissions === "string") {
+        required_permissions = [permissions]
+    } else {
+        required_permissions = permissions
+    }
+
+    let jwtPayload = undefined
+    try {
+        let provided_token = "" + action.request.headers["authorization"].replace("Bearer ", "");
+        jwtPayload = <any>jwt.verify(provided_token, config.jwt_secret);
+        jwtPayload = jwtPayload["userdetails"];
+    } catch (error) {
+        jwtPayload = await refresh(action);
+    }
+
+    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions'] })
+    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (user.enabled == false) { throw new UserDisabledError(); }
+    if (!jwtPayload["permissions"]) { throw new NoPermissionError(); }
+
+    action.response.local = {}
+    action.response.local.jwtPayload = jwtPayload;
+    for (let required_permission of required_permissions) {
+        if (!(jwtPayload["permissions"].includes(required_permission))) { return false; }
+    }
+    return true;
+}
+
+/**
+ * Handels soft-refreshing of access-tokens.
+ * @param action Routing-Controllers action object that provides request and response objects among other stuff.
+ */
+const refresh = async (action: Action) => {
+    let refresh_token = undefined;
+    try {
+        refresh_token = cookie.parse(action.request.headers["cookie"])["lfk_backend__refresh_token"];
+    }
+    catch {
+        throw new IllegalJWTError();
+    }
+
+    let jwtPayload = undefined;
+    try {
+        jwtPayload = <any>jwt.verify(refresh_token, config.jwt_secret);
+    } catch (error) {
+        throw new IllegalJWTError();
+    }
+
+    const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions', 'groups', 'groups.permissions'] })
+    if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (user.enabled == false) { throw new UserDisabledError(); }
+
+    let newAccess = JwtCreator.createAccess(user);
+    action.response.header("authorization", "Bearer " + newAccess);
+
+    return await new JwtUser(user);
+}
+export default authchecker

src/models/actions/CreateAddress.ts

@@ -1,16 +1,20 @@
 import { IsNotEmpty, IsOptional, IsPostalCode, IsString } from 'class-validator';
+import { config } from '../../config';
 import { Address } from '../entities/Address';
 
+/**
+ * This classed is used to create a new Address entity from a json body (post request).
+ */
 export class CreateAddress {
     /**
-   * The address's description.
-   */
+     * The newaddress's description.
+     */
     @IsString()
     @IsOptional()
     description?: string;
 
     /**
-     * The address's first line.
+     * The new address's first line.
      * Containing the street and house number.
      */
     @IsString()
@@ -18,7 +22,7 @@ export class CreateAddress {
     address1: string;
 
     /**
-     * The address's second line.
+     * The new address's second line.
      * Containing optional information.
      */
     @IsString()
@@ -26,29 +30,31 @@ export class CreateAddress {
     address2?: string;
 
     /**
-     * The address's postal code.
+     * The new address's postal code.
+     * This will get checked against the postal code syntax for the configured country.
+     * TODO: Implement the config option. 
      */
     @IsString()
     @IsNotEmpty()
-    @IsPostalCode("DE")
+    @IsPostalCode(config.postalcode_validation_countrycode)
     postalcode: string;
 
     /**
-     * The address's city.
+     * The new address's city.
      */
     @IsString()
     @IsNotEmpty()
     city: string;
 
     /**
-     * The address's country.
+     * The new address's country.
      */
     @IsString()
     @IsNotEmpty()
     country: string;
 
     /**
-     * Creates a Address object based on this.
+     * Creates a new Address entity from this.
      */
     public toAddress(): Address {
         let newAddress: Address = new Address();

src/models/actions/CreateAuth.ts

@@ -1,24 +1,47 @@
 import * as argon2 from "argon2";
-import { IsEmail, IsOptional, IsString } from 'class-validator';
-import * as jsonwebtoken from 'jsonwebtoken';
+import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
-import { config } from '../../config';
-import { InvalidCredentialsError, PasswordNeededError, UserNotFoundError } from '../../errors/AuthError';
+import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
 import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
+import { JwtCreator } from '../../jwtcreator';
 import { User } from '../entities/User';
 import { Auth } from '../responses/ResponseAuth';
 
+/**
+ * This class is used to create auth credentials based on user credentials provided in a json body (post request).
+ * To be a little bit more exact: Is takes in a username/email + password and creates a new access and refresh token for the user.
+ * It of course checks for user existance, password validity and so on.
+ */
 export class CreateAuth {
+    /**
+     * The username of the user that want's to login.
+     * Either username or email have to be provided.
+     */
     @IsOptional()
     @IsString()
     username?: string;
-    @IsString()
-    password: string;
+
+    /**
+     * The email address of the user that want's to login.
+     * Either username or email have to be provided.
+     */
     @IsOptional()
     @IsEmail()
     @IsString()
     email?: string;
 
+    /**
+     * The user's password.
+     * Will be checked against an argon2 hash.
+     */
+    @IsNotEmpty()
+    @IsString()
+    password: string;
+
+
+    /**
+     * Creates a new auth object based on this.
+     */
     public async toAuth(): Promise<Auth> {
         let newAuth: Auth = new Auth();
 
@@ -26,34 +49,25 @@ export class CreateAuth {
             throw new UsernameOrEmailNeededError();
         }
         if (!this.password) {
-            throw new PasswordNeededError()
+            throw new PasswordNeededError();
         }
-        const found_users = await getConnectionManager().get().getRepository(User).find({ relations: ['groups', 'permissions'], where: [{ username: this.username }, { email: this.email }] });
-        if (found_users.length === 0) {
-            throw new UserNotFoundError()
-        } else {
-            const found_user = found_users[0]
-            if (await argon2.verify(found_user.password, this.password + found_user.uuid)) {
-                const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
-                found_user.permissions = found_user.permissions || []
-                delete found_user.password;
-                newAuth.access_token = jsonwebtoken.sign({
-                    userdetails: found_user,
-                    exp: timestamp_accesstoken_expiry
-                }, config.jwt_secret)
-                newAuth.access_token_expires_at = timestamp_accesstoken_expiry
-                // 
-                const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
-                newAuth.refresh_token = jsonwebtoken.sign({
-                    refreshtokencount: found_user.refreshTokenCount,
-                    userid: found_user.id,
-                    exp: timestamp_refresh_expiry
-                }, config.jwt_secret)
-                newAuth.refresh_token_expires_at = timestamp_refresh_expiry
-            } else {
-                throw new InvalidCredentialsError()
-            }
+        const found_user = await getConnectionManager().get().getRepository(User).findOne({ relations: ['groups', 'permissions', 'groups.permissions'], where: [{ username: this.username }, { email: this.email }] });
+        if (!found_user) {
+            throw new UserNotFoundError();
         }
+        if (found_user.enabled == false) { throw new UserDisabledError(); }
+        if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
+            throw new InvalidCredentialsError();
+        }
+
+        //Create the access token
+        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
+        newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
+        newAuth.access_token_expires_at = timestamp_accesstoken_expiry
+        //Create the refresh token
+        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
+        newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
+        newAuth.refresh_token_expires_at = timestamp_refresh_expiry
         return newAuth;
     }
 }

src/models/actions/CreateDonor.ts

@@ -0,0 +1,38 @@
+import { IsBoolean, IsOptional } from 'class-validator';
+import { DonorReceiptAddressNeededError } from '../../errors/DonorErrors';
+import { Donor } from '../entities/Donor';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This classed is used to create a new Donor entity from a json body (post request).
+ */
+export class CreateDonor extends CreateParticipant {
+
+    /**
+     * Does this donor need a receipt?
+     */
+    @IsBoolean()
+    @IsOptional()
+    receiptNeeded?: boolean = false;
+
+    /**
+     * Creates a new Donor entity from this.
+     */
+    public async toDonor(): Promise<Donor> {
+        let newDonor: Donor = new Donor();
+
+        newDonor.firstname = this.firstname;
+        newDonor.middlename = this.middlename;
+        newDonor.lastname = this.lastname;
+        newDonor.phone = this.phone;
+        newDonor.email = this.email;
+        newDonor.address = await this.getAddress();
+        newDonor.receiptNeeded = this.receiptNeeded;
+
+        if (this.receiptNeeded == true && this.address == null) {
+            throw new DonorReceiptAddressNeededError()
+        }
+
+        return newDonor;
+    }
+}

src/models/actions/CreateGroupContact.ts

@@ -5,32 +5,34 @@ import { AddressNotFoundError, AddressWrongTypeError } from '../../errors/Addres
 import { Address } from '../entities/Address';
 import { GroupContact } from '../entities/GroupContact';
 
+/**
+ * This classed is used to create a new Group entity from a json body (post request).
+ */
 export class CreateGroupContact {
     /**
-       * The contact's first name.
-       */
+     * The new contact's first name.
+     */
     @IsNotEmpty()
     @IsString()
     firstname: string;
 
     /**
-     * The contact's middle name.
-     * Optional
+     * The new contact's middle name.
      */
     @IsOptional()
     @IsString()
     middlename?: string;
 
     /**
-     * The contact's last name.
+     * The new contact's last name.
      */
     @IsNotEmpty()
     @IsString()
     lastname: string;
 
     /**
-     * The contact's address.
-     * Optional
+     * The new contact's address.
+     * Must be the address's id.
      */
     @IsInt()
     @IsOptional()
@@ -38,7 +40,7 @@ export class CreateGroupContact {
 
     /**
      * The contact's phone number.
-     * Optional
+     * This will be validated against the configured country phone numer syntax (default: international).
      */
     @IsOptional()
     @IsPhoneNumber(config.phone_validation_countrycode)
@@ -46,17 +48,16 @@ export class CreateGroupContact {
 
     /**
      * The contact's email address.
-     * Optional
      */
     @IsOptional()
     @IsEmail()
     email?: string;
 
     /**
-     * Get's this participant's address from this.address.
+     * Gets the new contact's address by it's id.
      */
     public async getAddress(): Promise<Address> {
-        if (this.address === undefined) {
+        if (this.address === undefined || this.address === null) {
             return null;
         }
         if (!isNaN(this.address)) {
@@ -69,7 +70,7 @@ export class CreateGroupContact {
     }
 
     /**
-     * Creates a Address object based on this.
+     * Creates a new Address entity from this.
      */
     public async toGroupContact(): Promise<GroupContact> {
         let contact: GroupContact = new GroupContact();

src/models/actions/CreateParticipant.ts

@@ -4,6 +4,9 @@ import { config } from '../../config';
 import { AddressNotFoundError, AddressWrongTypeError } from '../../errors/AddressErrors';
 import { Address } from '../entities/Address';
 
+/**
+ * This classed is used to create a new Participant entity from a json body (post request).
+ */
 export abstract class CreateParticipant {
     /**
      * The new participant's first name.
@@ -14,7 +17,6 @@ export abstract class CreateParticipant {
 
     /**
      * The new participant's middle name.
-     * Optional.
      */
     @IsString()
     @IsOptional()
@@ -29,7 +31,7 @@ export abstract class CreateParticipant {
 
     /**
      * The new participant's phone number.
-     * Optional.
+     * This will be validated against the configured country phone numer syntax (default: international).
      */
     @IsString()
     @IsOptional()
@@ -38,7 +40,6 @@ export abstract class CreateParticipant {
 
     /**
      * The new participant's e-mail address.
-     * Optional.
      */
     @IsString()
     @IsOptional()
@@ -48,17 +49,16 @@ export abstract class CreateParticipant {
     /**
      * The new participant's address.
      * Must be of type number (address id).
-     * Optional.
      */
     @IsInt()
     @IsOptional()
     address?: number;
 
     /**
-     * Get's this participant's address from this.address.
+     * Gets the new participant's address by it's address.
      */
     public async getAddress(): Promise<Address> {
-        if (this.address === undefined) {
+        if (this.address === undefined || this.address === null) {
             return null;
         }
         if (!isNaN(this.address)) {

src/models/actions/CreatePermission.ts

@@ -0,0 +1,60 @@
+import {
+    IsEnum,
+    IsInt,
+    IsNotEmpty
+} from "class-validator";
+import { getConnectionManager } from 'typeorm';
+import { PrincipalNotFoundError } from '../../errors/PrincipalErrors';
+import { Permission } from '../entities/Permission';
+import { Principal } from '../entities/Principal';
+import { PermissionAction } from '../enums/PermissionAction';
+import { PermissionTarget } from '../enums/PermissionTargets';
+
+/**
+ * This classed is used to create a new Permission entity from a json body (post request).
+ */
+export class CreatePermission {
+
+    /**
+     * The new permissions's principal's id.
+     */
+    @IsInt()
+    @IsNotEmpty()
+    principal: number;
+
+    /**
+     * The new permissions's target.
+     */
+    @IsNotEmpty()
+    @IsEnum(PermissionTarget)
+    target: PermissionTarget;
+
+    /**
+     * The new permissions's action.
+     */
+    @IsNotEmpty()
+    @IsEnum(PermissionAction)
+    action: PermissionAction;
+
+    /**
+     * Creates a new Permission entity from this.
+     */
+    public async toPermission(): Promise<Permission> {
+        let newPermission: Permission = new Permission();
+
+        newPermission.principal = await this.getPrincipal();
+        newPermission.target = this.target;
+        newPermission.action = this.action;
+
+        return newPermission;
+    }
+
+    /**
+     * Gets the new permission's principal by it's id.
+     */
+    public async getPrincipal(): Promise<Principal> {
+        let principal = await getConnectionManager().get().getRepository(Principal).findOne({ id: this.principal })
+        if (!principal) { throw new PrincipalNotFoundError(); }
+        return principal;
+    }
+}

src/models/actions/CreateResetToken.ts

@@ -0,0 +1,50 @@
+import { IsEmail, IsOptional, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { ResetAlreadyRequestedError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
+import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
+import { JwtCreator } from '../../jwtcreator';
+import { User } from '../entities/User';
+
+/**
+ * This calss is used to create password reset tokens for users.
+ * These password reset token can be used to set a new password for the user for the next 15mins.
+ */
+export class CreateResetToken {
+    /**
+     * The username of the user that wants to reset their password.
+     */
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    /**
+     * The email address of the user that wants to reset their password.
+     */
+    @IsOptional()
+    @IsEmail()
+    @IsString()
+    email?: string;
+
+
+    /**
+     * Create a password reset token based on this.
+     */
+    public async toResetToken(): Promise<any> {
+        if (this.email === undefined && this.username === undefined) {
+            throw new UsernameOrEmailNeededError();
+        }
+        let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ username: this.username }, { email: this.email }] });
+        if (!found_user) { throw new UserNotFoundError(); }
+        if (found_user.enabled == false) { throw new UserDisabledError(); }
+        if (found_user.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 15 * 60)) { throw new ResetAlreadyRequestedError(); }
+
+        found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
+        found_user.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+        await getConnectionManager().get().getRepository(User).save(found_user);
+
+        //Create the reset token
+        let reset_token = JwtCreator.createReset(found_user);
+
+        return reset_token;
+    }
+}

src/models/actions/CreateRunner.ts

@@ -7,6 +7,9 @@ import { Runner } from '../entities/Runner';
 import { RunnerGroup } from '../entities/RunnerGroup';
 import { CreateParticipant } from './CreateParticipant';
 
+/**
+ * This classed is used to create a new Runner entity from a json body (post request).
+ */
 export class CreateRunner extends CreateParticipant {
 
     /**
@@ -16,7 +19,7 @@ export class CreateRunner extends CreateParticipant {
     group: number;
 
     /**
-     * Creates a Runner entity from this.
+     * Creates a new Runner entity from this.
      */
     public async toRunner(): Promise<Runner> {
         let newRunner: Runner = new Runner();
@@ -33,10 +36,10 @@ export class CreateRunner extends CreateParticipant {
     }
 
     /**
-     * Manages all the different ways a group can be provided.
+     * Gets the new runner's group by it's id.
      */
     public async getGroup(): Promise<RunnerGroup> {
-        if (this.group === undefined) {
+        if (this.group === undefined || this.group === null) {
             throw new RunnerTeamNeedsParentError();
         }
         if (!isNaN(this.group)) {

src/models/actions/CreateRunnerGroup.ts

@@ -3,16 +3,19 @@ import { getConnectionManager } from 'typeorm';
 import { GroupContactNotFoundError, GroupContactWrongTypeError } from '../../errors/GroupContactErrors';
 import { GroupContact } from '../entities/GroupContact';
 
+/**
+ * This classed is used to create a new RunnerGroup entity from a json body (post request).
+ */
 export abstract class CreateRunnerGroup {
     /**
-     * The group's name.
+     * The new group's name.
      */
     @IsNotEmpty()
     @IsString()
     name: string;
 
     /**
-     * The group's contact.
+     * The new group's contact.
      * Optional
      */
     @IsInt()
@@ -20,7 +23,7 @@ export abstract class CreateRunnerGroup {
     contact?: number;
 
     /**
-     * Get's this group's contact from this.address.
+     * Gets the new group's contact by it's id.
      */
     public async getContact(): Promise<GroupContact> {
         if (this.contact === undefined || this.contact === null) {

src/models/actions/CreateRunnerOrganisation.ts

@@ -5,21 +5,23 @@ import { Address } from '../entities/Address';
 import { RunnerOrganisation } from '../entities/RunnerOrganisation';
 import { CreateRunnerGroup } from './CreateRunnerGroup';
 
+/**
+ * This classed is used to create a new RunnerOrganisation entity from a json body (post request).
+ */
 export class CreateRunnerOrganisation extends CreateRunnerGroup {
     /**
      * The new organisation's address.
      * Must be of type number (address id).
-     * Optional.
      */
     @IsInt()
     @IsOptional()
     address?: number;
 
     /**
-     * Get's this org's address from this.address.
+     * Gets the org's address by it's id.
      */
     public async getAddress(): Promise<Address> {
-        if (this.address === undefined) {
+        if (this.address === undefined || this.address === null) {
             return null;
         }
         if (!isNaN(this.address)) {
@@ -32,14 +34,14 @@ export class CreateRunnerOrganisation extends CreateRunnerGroup {
     }
 
     /**
-     * Creates a RunnerOrganisation entity from this.
+     * Creates a new RunnerOrganisation entity from this.
      */
     public async toRunnerOrganisation(): Promise<RunnerOrganisation> {
         let newRunnerOrganisation: RunnerOrganisation = new RunnerOrganisation();
 
         newRunnerOrganisation.name = this.name;
         newRunnerOrganisation.contact = await this.getContact();
-        newRunnerOrganisation.address = await this.getAddress();
+        // newRunnerOrganisation.address = await this.getAddress();
 
         return newRunnerOrganisation;
     }

src/models/actions/CreateRunnerTeam.ts

@@ -6,17 +6,23 @@ import { RunnerOrganisation } from '../entities/RunnerOrganisation';
 import { RunnerTeam } from '../entities/RunnerTeam';
 import { CreateRunnerGroup } from './CreateRunnerGroup';
 
+/**
+ * This classed is used to create a new RunnerTeam entity from a json body (post request).
+ */
 export class CreateRunnerTeam extends CreateRunnerGroup {
 
     /**
-     * The team's parent group (organisation).
+     * The new team's parent group (organisation).
      */
     @IsInt()
     @IsNotEmpty()
     parentGroup: number;
 
+    /**
+     * Gets the new team's parent org based on it's id.
+     */
     public async getParent(): Promise<RunnerOrganisation> {
-        if (this.parentGroup === undefined) {
+        if (this.parentGroup === undefined || this.parentGroup === null) {
             throw new RunnerTeamNeedsParentError();
         }
         if (!isNaN(this.parentGroup)) {
@@ -29,7 +35,7 @@ export class CreateRunnerTeam extends CreateRunnerGroup {
     }
 
     /**
-     * Creates a RunnerTeam entity from this.
+     * Creates a new RunnerTeam entity from this.
      */
     public async toRunnerTeam(): Promise<RunnerTeam> {
         let newRunnerTeam: RunnerTeam = new RunnerTeam();

src/models/actions/CreateScan.ts

@@ -0,0 +1,59 @@
+import { IsBoolean, IsInt, IsOptional, IsPositive } from 'class-validator';
+import { getConnection } from 'typeorm';
+import { RunnerNotFoundError } from '../../errors/RunnerErrors';
+import { Runner } from '../entities/Runner';
+import { Scan } from '../entities/Scan';
+
+/**
+ * This class is used to create a new Scan entity from a json body (post request).
+ */
+export abstract class CreateScan {
+    /**
+     * The scan's associated runner.
+     * This is important to link ran distances to runners.
+     */
+    @IsInt()
+    @IsPositive()
+    runner: number;
+
+    /**
+     * Is the scan valid (for fraud reasons).
+     * The determination of validity will work differently for every child class.
+     * Default: true
+     */
+    @IsBoolean()
+    @IsOptional()
+    valid?: boolean = true;
+
+    /**
+     * The scan's distance in meters.
+     * Can be set manually or derived from another object.
+     */
+    @IsInt()
+    @IsPositive()
+    public distance: number;
+
+    /**
+     * Creates a new Scan entity from this.
+     */
+    public async toScan(): Promise<Scan> {
+        let newScan = new Scan();
+
+        newScan.distance = this.distance;
+        newScan.valid = this.valid;
+        newScan.runner = await this.getRunner();
+
+        return newScan;
+    }
+
+    /**
+     * Gets a runner based on the runner id provided via this.runner.
+     */
+    public async getRunner(): Promise<Runner> {
+        const runner = await getConnection().getRepository(Runner).findOne({ id: this.runner });
+        if (!runner) {
+            throw new RunnerNotFoundError();
+        }
+        return runner;
+    }
+}

src/models/actions/CreateScanStation.ts

@@ -0,0 +1,64 @@
+import * as argon2 from "argon2";
+import { IsBoolean, IsInt, IsOptional, IsPositive, IsString } from 'class-validator';
+import crypto from 'crypto';
+import { getConnection } from 'typeorm';
+import * as uuid from 'uuid';
+import { TrackNotFoundError } from '../../errors/TrackErrors';
+import { ScanStation } from '../entities/ScanStation';
+import { Track } from '../entities/Track';
+
+/**
+ * This class is used to create a new StatsClient entity from a json body (post request).
+ */
+export class CreateScanStation {
+    /**
+     * The new station's description.
+     */
+    @IsString()
+    @IsOptional()
+    description?: string;
+
+    /**
+     * The station's associated track.
+     */
+    @IsInt()
+    @IsPositive()
+    track: number;
+
+    /**
+     * Is this station enabled?
+     */
+    @IsBoolean()
+    @IsOptional()
+    enabled?: boolean = true;
+
+    /**
+     * Converts this to a ScanStation entity.
+     */
+    public async toEntity(): Promise<ScanStation> {
+        let newStation: ScanStation = new ScanStation();
+
+        newStation.description = this.description;
+        newStation.enabled = this.enabled;
+        newStation.track = await this.getTrack();
+
+        let newUUID = uuid.v4().toUpperCase();
+        newStation.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
+        newStation.key = await argon2.hash(newStation.prefix + "." + newUUID);
+        newStation.cleartextkey = newStation.prefix + "." + newUUID;
+
+        return newStation;
+    }
+
+    /**
+     * Get's a track by it's id provided via this.track.
+     * Used to link the new station to a track.
+     */
+    public async getTrack(): Promise<Track> {
+        const track = await getConnection().getRepository(Track).findOne({ id: this.track });
+        if (!track) {
+            throw new TrackNotFoundError();
+        }
+        return track;
+    }
+}

src/models/actions/CreateStatsClient.ts

@@ -0,0 +1,33 @@
+import * as argon2 from "argon2";
+import { IsOptional, IsString } from 'class-validator';
+import crypto from 'crypto';
+import * as uuid from 'uuid';
+import { StatsClient } from '../entities/StatsClient';
+
+/**
+ * This classed is used to create a new StatsClient entity from a json body (post request).
+ */
+export class CreateStatsClient {
+    /**
+     * The new client's description.
+     */
+    @IsString()
+    @IsOptional()
+    description?: string;
+
+    /**
+     * Converts this to a StatsClient entity.
+     */
+    public async toStatsClient(): Promise<StatsClient> {
+        let newClient: StatsClient = new StatsClient();
+
+        newClient.description = this.description;
+
+        let newUUID = uuid.v4().toUpperCase();
+        newClient.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
+        newClient.key = await argon2.hash(newClient.prefix + "." + newUUID);
+        newClient.cleartextkey = newClient.prefix + "." + newUUID;
+
+        return newClient;
+    }
+}

src/models/actions/CreateTrack.ts

@@ -1,29 +1,45 @@
-import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
+import { IsInt, IsNotEmpty, IsOptional, IsPositive, IsString } from 'class-validator';
+import { TrackLapTimeCantBeNegativeError } from '../../errors/TrackErrors';
 import { Track } from '../entities/Track';
 
+/**
+ * This classed is used to create a new Track entity from a json body (post request).
+ */
 export class CreateTrack {
     /**
-     * The track's name.
+     * The new track's name.
      */
     @IsString()
     @IsNotEmpty()
     name: string;
 
     /**
-     * The track's distance in meters (must be greater than 0).
+     * The new track's distance in meters (must be greater than 0).
      */
     @IsInt()
     @IsPositive()
     distance: number;
 
     /**
-     * Converts a Track object based on this.
+     * The minimum time a runner should take to run a lap on this track (in seconds).
+     * Will be used for fraud detection.
+     */
+    @IsInt()
+    @IsOptional()
+    minimumLapTime: number;
+
+    /**
+     * Creates a new Track entity from this.
      */
     public toTrack(): Track {
         let newTrack: Track = new Track();
 
         newTrack.name = this.name;
         newTrack.distance = this.distance;
+        newTrack.minimumLapTime = this.minimumLapTime;
+        if (this.minimumLapTime < 0) {
+            throw new TrackLapTimeCantBeNegativeError();
+        }
 
         return newTrack;
     }

src/models/actions/CreateTrackScan.ts

@@ -0,0 +1,84 @@
+import { IsNotEmpty } from 'class-validator';
+import { getConnection } from 'typeorm';
+import { RunnerNotFoundError } from '../../errors/RunnerErrors';
+import { RunnerCard } from '../entities/RunnerCard';
+import { ScanStation } from '../entities/ScanStation';
+import { TrackScan } from '../entities/TrackScan';
+import { CreateScan } from './CreateScan';
+
+/**
+ * This classed is used to create a new Scan entity from a json body (post request).
+ */
+export class CreateTrackScan extends CreateScan {
+
+    /**
+     * The scan's associated track.
+     * This is used to determine the scan's distance.
+     */
+    @IsNotEmpty()
+    track: number;
+
+    /**
+     * The runnerCard associated with the scan.
+     * This get's saved for documentation and management purposes.
+     */
+    @IsNotEmpty()
+    card: number;
+
+    /**
+     * The scanning station that created the scan.
+     * Mainly used for logging and traceing back scans (or errors)
+     */
+    @IsNotEmpty()
+    station: number;
+
+    /**
+     * Creates a new Track entity from this.
+     */
+    public async toScan(): Promise<TrackScan> {
+        let newScan: TrackScan = new TrackScan();
+
+        newScan.station = await this.getStation();
+        newScan.card = await this.getCard();
+
+        newScan.track = newScan.station.track;
+        newScan.runner = newScan.card.runner;
+
+        if (!newScan.runner) {
+            throw new RunnerNotFoundError();
+        }
+
+        newScan.timestamp = new Date(Date.now()).toString();
+        newScan.valid = await this.validateScan(newScan);
+
+        return newScan;
+    }
+
+    public async getCard(): Promise<RunnerCard> {
+        const track = await getConnection().getRepository(RunnerCard).findOne({ id: this.card }, { relations: ["runner"] });
+        if (!track) {
+            throw new Error();
+        }
+        return track;
+    }
+
+    public async getStation(): Promise<ScanStation> {
+        const track = await getConnection().getRepository(ScanStation).findOne({ id: this.card }, { relations: ["track"] });
+        if (!track) {
+            throw new Error();
+        }
+        return track;
+    }
+
+    public async validateScan(scan: TrackScan): Promise<boolean> {
+        const scans = await getConnection().getRepository(TrackScan).find({ where: { runner: scan.runner }, relations: ["track"] });
+        if (scans.length == 0) { return true; }
+
+        const newestScan = scans[0];
+        if ((new Date(scan.timestamp).getTime() - new Date(newestScan.timestamp).getTime()) > scan.track.minimumLapTime) {
+            return true;
+        }
+
+        return false;
+    }
+}

src/models/actions/CreateUser.ts

@@ -1,5 +1,5 @@
 import * as argon2 from "argon2";
-import { IsEmail, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { IsBoolean, IsEmail, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../config';
@@ -8,6 +8,9 @@ import { UserGroupNotFoundError } from '../../errors/UserGroupErrors';
 import { User } from '../entities/User';
 import { UserGroup } from '../entities/UserGroup';
 
+/**
+ * This classed is used to create a new User entity from a json body (post request).
+ */
 export class CreateUser {
     /**
      * The new user's first name.
@@ -17,7 +20,6 @@ export class CreateUser {
 
     /**
      * The new user's middle name.
-     * Optinal.
      */
     @IsString()
     @IsOptional()
@@ -48,7 +50,7 @@ export class CreateUser {
 
     /**
      * The new user's phone number.
-     * Optional
+     * This will be validated against the configured country phone numer syntax (default: international).
      */
     @IsPhoneNumber(config.phone_validation_countrycode)
     @IsOptional()
@@ -62,17 +64,30 @@ export class CreateUser {
     password: string;
 
     /**
-     * The new user's groups' id(s).
-     * You can provide either one groupId or an array of groupIDs.
-     * Optional.
+     * Will the new user be enabled from the start?
+     * Default: true
      */
+    @IsBoolean()
     @IsOptional()
-    groupId?: number[] | number
-
-    //TODO: ProfilePics
+    enabled?: boolean = true;
 
     /**
-     * Converts this to a User Entity.
+     * The new user's groups' id(s).
+     * You can provide either one groupId or an array of groupIDs.
+     */
+    @IsOptional()
+    groups?: number[] | number
+
+    /**
+    * The user's profile pic (or rather a url pointing to it).
+    */
+    @IsString()
+    @IsUrl()
+    @IsOptional()
+    profilePic?: string;
+
+    /**
+     * Converts this to a User entity.
      */
     public async toUser(): Promise<User> {
         let newUser: User = new User();
@@ -81,30 +96,6 @@ export class CreateUser {
             throw new UsernameOrEmailNeededError();
         }
 
-        if (this.groupId) {
-            if (!Array.isArray(this.groupId)) {
-                this.groupId = [this.groupId]
-            }
-            const groupIDs: number[] = this.groupId
-            let errors = 0
-            const validateusergroups = async () => {
-                let foundgroups = []
-                for (const g of groupIDs) {
-                    const found = await getConnectionManager().get().getRepository(UserGroup).find({ id: g });
-                    if (found.length === 0) {
-                        errors++
-                    } else {
-                        foundgroups.push(found[0])
-                    }
-                }
-                newUser.groups = foundgroups
-            }
-            await validateusergroups()
-            if (errors !== 0) {
-                throw new UserGroupNotFoundError();
-            }
-        }
-
         newUser.email = this.email
         newUser.username = this.username
         newUser.firstname = this.firstname
@@ -113,8 +104,29 @@ export class CreateUser {
         newUser.uuid = uuid.v4()
         newUser.phone = this.phone
         newUser.password = await argon2.hash(this.password + newUser.uuid);
-        //TODO: ProfilePics
+        newUser.groups = await this.getGroups();
+        newUser.enabled = this.enabled;
+
+        if (!this.profilePic) { newUser.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        else { newUser.profilePic = this.profilePic; }
 
         return newUser;
     }
+
+    /**
+     * Get's all groups for this user by their id's;
+     */
+    public async getGroups() {
+        if (!this.groups) { return null; }
+        let groups = new Array<UserGroup>();
+        if (!Array.isArray(this.groups)) {
+            this.groups = [this.groups]
+        }
+        for (let group of this.groups) {
+            let found = await getConnectionManager().get().getRepository(UserGroup).findOne({ id: group });
+            if (!found) { throw new UserGroupNotFoundError(); }
+            groups.push(found);
+        }
+        return groups;
+    }
 }

src/models/actions/CreateUserGroup.ts

@@ -1,6 +1,9 @@
 import { IsOptional, IsString } from 'class-validator';
 import { UserGroup } from '../entities/UserGroup';
 
+/**
+ * This classed is used to create a new UserGroup entity from a json body (post request).
+ */
 export class CreateUserGroup {
     /**
      * The new group's name.
@@ -17,7 +20,7 @@ export class CreateUserGroup {
     description?: string;
 
     /**
-     * Converts this to a UserGroup entity.
+     * Creates a new UserGroup entity from this.
      */
     public async toUserGroup(): Promise<UserGroup> {
         let newUserGroup: UserGroup = new UserGroup();

src/models/actions/HandleLogout.ts

@@ -6,11 +6,23 @@ import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, Us
 import { User } from '../entities/User';
 import { Logout } from '../responses/ResponseLogout';
 
+/**
+ * This class handels a user logging out of the system.
+ * Of course it check's the user's provided credential (token) before logging him out.
+ */
 export class HandleLogout {
+    /**
+     * A stringyfied jwt access token.
+     * Will get checked for validity.
+     */
     @IsString()
     @IsOptional()
     token?: string;
 
+    /**
+     * Logs the user out.
+     * This gets achived by increasing the user's refresh token count, thereby invalidateing all currently existing jwts for that user.
+     */
     public async logout(): Promise<Logout> {
         let logout: Logout = new Logout();
         if (!this.token || this.token === undefined) {
@@ -23,11 +35,11 @@ export class HandleLogout {
             throw new IllegalJWTError()
         }
         logout.timestamp = Math.floor(Date.now() / 1000)
-        let found_user: User = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["userid"] });
+        let found_user: User = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] });
         if (!found_user) {
             throw new UserNotFoundError()
         }
-        if (found_user.refreshTokenCount !== decoded["refreshtokencount"]) {
+        if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
             throw new RefreshTokenCountInvalidError()
         }
         found_user.refreshTokenCount++;

src/models/actions/ImportRunner.ts

@@ -0,0 +1,97 @@
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { RunnerGroupNeededError } from '../../errors/RunnerErrors';
+import { RunnerOrganisationNotFoundError } from '../../errors/RunnerOrganisationErrors';
+import { RunnerGroup } from '../entities/RunnerGroup';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { RunnerTeam } from '../entities/RunnerTeam';
+import { CreateRunner } from './CreateRunner';
+
+/**
+ * Special class used to import runners from csv files - or json arrays created from csv to be exact.
+ * Why you ask? Because the past has shown us that a non excel/csv based workflow is too much for most schools.
+ */
+export class ImportRunner {
+
+    /**
+     * The new runner's first name.
+     */
+    @IsString()
+    @IsNotEmpty()
+    firstname: string;
+
+    /**
+     * The new runner's middle name.
+     */
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    /**
+     * The new runner's last name.
+     */
+    @IsString()
+    @IsNotEmpty()
+    lastname: string;
+
+    /**
+     * The new runner's team's name (if not provided otherwise).
+     * The team will automaticly get generated if it doesn't exist in this org yet.
+     */
+    @IsString()
+    @IsOptional()
+    team?: string;
+
+    /**
+     * Just an alias for team, because this is usually only used for importing data from schools.
+     */
+    @IsOptional()
+    @IsString()
+    public set class(value: string) {
+        this.team = value;
+    }
+
+    /**
+     * Creates a CreateRunner object based on this.
+     * @param groupID Either the id of the new runner's group or the id of the org that the new runner's team is a part of.
+     */
+    public async toCreateRunner(groupID: number): Promise<CreateRunner> {
+        let newRunner: CreateRunner = new CreateRunner();
+
+        newRunner.firstname = this.firstname;
+        newRunner.middlename = this.middlename;
+        newRunner.lastname = this.lastname;
+        newRunner.group = (await this.getGroup(groupID)).id;
+
+        return newRunner;
+    }
+
+    /**
+     * Get's the new runners group.
+     * @param groupID Either the id of the new runner's group or the id of the org that the new runner's team is a part of.
+     */
+    public async getGroup(groupID: number): Promise<RunnerGroup> {
+        if (this.team === undefined && groupID === undefined) {
+            throw new RunnerGroupNeededError();
+        }
+
+        let team = await getConnectionManager().get().getRepository(RunnerTeam).findOne({ id: groupID });
+        if (team) { return team; }
+
+        let org = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: groupID });
+        if (!org) {
+            throw new RunnerOrganisationNotFoundError();
+        }
+        if (this.team === undefined) { return org; }
+
+        team = await getConnectionManager().get().getRepository(RunnerTeam).findOne({ name: this.team, parentGroup: org });
+        if (!team) {
+            let newRunnerTeam: RunnerTeam = new RunnerTeam();
+            newRunnerTeam.name = this.team;
+            newRunnerTeam.parentGroup = org;
+            team = await getConnectionManager().get().getRepository(RunnerTeam).save(newRunnerTeam);
+        }
+
+        return team;
+    }
+}

src/models/actions/RefreshAuth.ts

@@ -2,15 +2,28 @@ import { IsOptional, IsString } from 'class-validator';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../config';
-import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
+import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
+import { JwtCreator } from "../../jwtcreator";
 import { User } from '../entities/User';
 import { Auth } from '../responses/ResponseAuth';
 
+/**
+ * This class is used to create refreshed auth credentials.
+ * To be a little bit more exact: Is takes in a refresh token and creates a new access and refresh token for it's user.
+ * It of course checks for user existance, jwt validity and so on.
+ */
 export class RefreshAuth {
+    /**
+     * A stringyfied jwt refresh token.
+     * Will get checked for validity.
+     */
     @IsString()
     @IsOptional()
     token?: string;
 
+    /**
+     * Creates a new auth object based on this.
+     */
     public async toAuth(): Promise<Auth> {
         let newAuth: Auth = new Auth();
         if (!this.token || this.token === undefined) {
@@ -22,31 +35,22 @@ export class RefreshAuth {
         } catch (error) {
             throw new IllegalJWTError()
         }
-        const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["userid"] }, { relations: ['groups', 'permissions'] });
+        const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] }, { relations: ['groups', 'permissions', 'groups.permissions'] });
         if (!found_user) {
             throw new UserNotFoundError()
         }
-        if (found_user.refreshTokenCount !== decoded["refreshtokencount"]) {
+        if (found_user.enabled == false) { throw new UserDisabledError(); }
+        if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
             throw new RefreshTokenCountInvalidError()
         }
-        found_user.permissions = found_user.permissions || []
-        delete found_user.password;
+        //Create the auth token
         const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
-        delete found_user.password;
-        newAuth.access_token = jsonwebtoken.sign({
-            userdetails: found_user,
-            exp: timestamp_accesstoken_expiry
-        }, config.jwt_secret)
+        newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
         newAuth.access_token_expires_at = timestamp_accesstoken_expiry
-        // 
+        //Create the refresh token
         const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
-        newAuth.refresh_token = jsonwebtoken.sign({
-            refreshtokencount: found_user.refreshTokenCount,
-            userid: found_user.id,
-            exp: timestamp_refresh_expiry
-        }, config.jwt_secret)
-        newAuth.refresh_token_expires_at = timestamp_refresh_expiry
-
+        newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
+        newAuth.refresh_token_expires_at = timestamp_refresh_expiry;
         return newAuth;
     }
 }

src/models/actions/ResetPassword.ts

@@ -0,0 +1,57 @@
+import * as argon2 from "argon2";
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import * as jsonwebtoken from 'jsonwebtoken';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { IllegalJWTError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
+import { User } from '../entities/User';
+
+/**
+ * This class can be used to reset a user's password.
+ * To set a new password the user needs to provide a valid password reset token.
+ */
+export class ResetPassword {
+    /**
+     * The reset token on which the password reset will be based.
+     */
+    @IsOptional()
+    @IsString()
+    resetToken?: string;
+
+    /**
+     * The user's new password
+     */
+    @IsNotEmpty()
+    @IsString()
+    password: string;
+
+
+    /**
+     * Create a password reset token based on this.
+     */
+    public async resetPassword(): Promise<any> {
+        if (!this.resetToken || this.resetToken === undefined) {
+            throw new JwtNotProvidedError()
+        }
+        if (!this.password || this.password === undefined) {
+            throw new PasswordNeededError()
+        }
+
+        let decoded;
+        try {
+            decoded = jsonwebtoken.verify(this.resetToken, config.jwt_secret)
+        } catch (error) {
+            throw new IllegalJWTError()
+        }
+
+        const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] });
+        if (!found_user) { throw new UserNotFoundError(); }
+        if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }
+
+        found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
+        found_user.password = await argon2.hash(this.password + found_user.uuid);
+        await getConnectionManager().get().getRepository(User).save(found_user);
+
+        return "password reset successfull";
+    }
+}

src/models/actions/UpdateDonor.ts

@@ -0,0 +1,44 @@
+import { IsBoolean, IsInt, IsOptional } from 'class-validator';
+import { DonorReceiptAddressNeededError } from '../../errors/DonorErrors';
+import { Donor } from '../entities/Donor';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This class is used to update a Donor entity (via put request).
+ */
+export class UpdateDonor extends CreateParticipant {
+
+    /**
+     * The updated donor's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * Does the updated donor need a receipt?
+     */
+    @IsBoolean()
+    @IsOptional()
+    receiptNeeded?: boolean;
+
+
+    /**
+     * Updates a provided Donor entity based on this.
+     */
+    public async updateDonor(donor: Donor): Promise<Donor> {
+        donor.firstname = this.firstname;
+        donor.middlename = this.middlename;
+        donor.lastname = this.lastname;
+        donor.phone = this.phone;
+        donor.email = this.email;
+        donor.receiptNeeded = this.receiptNeeded;
+        donor.address = await this.getAddress();
+
+        if (this.receiptNeeded == true && this.address == null) {
+            throw new DonorReceiptAddressNeededError()
+        }
+
+        return donor;
+    }
+}

src/models/actions/UpdatePermission.ts

@@ -0,0 +1,68 @@
+import { IsInt, IsNotEmpty, IsObject } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { PermissionNeedsPrincipalError } from '../../errors/PermissionErrors';
+import { PrincipalNotFoundError, PrincipalWrongTypeError } from '../../errors/PrincipalErrors';
+import { Permission } from '../entities/Permission';
+import { Principal } from '../entities/Principal';
+import { PermissionAction } from '../enums/PermissionAction';
+import { PermissionTarget } from '../enums/PermissionTargets';
+
+/**
+ * This class is used to update a Permission entity (via put request).
+ */
+export class UpdatePermission {
+
+    /**
+     * The updated permission's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated permissions's principal.
+     * Just has to contain the principal's id -everything else won't be checked or changed.
+     */
+    @IsObject()
+    @IsNotEmpty()
+    principal: Principal;
+
+    /**
+     * The permissions's target.
+     */
+    @IsNotEmpty()
+    target: PermissionTarget;
+
+    /**
+     * The permissions's action.
+     */
+    @IsNotEmpty()
+    action: PermissionAction;
+
+    /**
+     * Updates a provided Permission entity based on this.
+     */
+    public async updatePermission(permission: Permission): Promise<Permission> {
+        permission.principal = await this.getPrincipal();
+        permission.target = this.target;
+        permission.action = this.action;
+
+        return permission;
+    }
+
+    /**
+     * Loads the updated permission's principal based on it's id.
+     */
+    public async getPrincipal(): Promise<Principal> {
+        if (this.principal === undefined || this.principal === null) {
+            throw new PermissionNeedsPrincipalError();
+        }
+        if (!isNaN(this.principal.id)) {
+            let principal = await getConnectionManager().get().getRepository(Principal).findOne({ id: this.principal.id });
+            if (!principal) { throw new PrincipalNotFoundError(); }
+            return principal;
+        }
+
+        throw new PrincipalWrongTypeError();
+    }
+}

src/models/actions/UpdateRunner.ts

@@ -7,43 +7,45 @@ import { Runner } from '../entities/Runner';
 import { RunnerGroup } from '../entities/RunnerGroup';
 import { CreateParticipant } from './CreateParticipant';
 
+/**
+ * This class is used to update a Runner entity (via put request).
+ */
 export class UpdateRunner extends CreateParticipant {
 
     /**
      * The updated runner's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
      */
     @IsInt()
     id: number;
 
     /**
      * The updated runner's new team/org.
+     * Just has to contain the group's id -everything else won't be checked or changed.
      */
     @IsObject()
     group: RunnerGroup;
 
     /**
-     * Creates a Runner entity from this.
+     * Updates a provided Runner entity based on this.
      */
-    public async toRunner(): Promise<Runner> {
-        let newRunner: Runner = new Runner();
+    public async updateRunner(runner: Runner): Promise<Runner> {
+        runner.firstname = this.firstname;
+        runner.middlename = this.middlename;
+        runner.lastname = this.lastname;
+        runner.phone = this.phone;
+        runner.email = this.email;
+        runner.group = await this.getGroup();
+        runner.address = await this.getAddress();
 
-        newRunner.id = this.id;
-        newRunner.firstname = this.firstname;
-        newRunner.middlename = this.middlename;
-        newRunner.lastname = this.lastname;
-        newRunner.phone = this.phone;
-        newRunner.email = this.email;
-        newRunner.group = await this.getGroup();
-        newRunner.address = await this.getAddress();
-
-        return newRunner;
+        return runner;
     }
 
     /**
-     * Manages all the different ways a group can be provided.
+     * Loads the updated runner's group based on it's id.
      */
     public async getGroup(): Promise<RunnerGroup> {
-        if (this.group === undefined) {
+        if (this.group === undefined || this.group === null) {
             throw new RunnerTeamNeedsParentError();
         }
         if (!isNaN(this.group.id)) {

src/models/actions/UpdateRunnerOrganisation.ts

@@ -0,0 +1,52 @@
+import { IsInt, IsOptional } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { AddressNotFoundError } from '../../errors/AddressErrors';
+import { Address } from '../entities/Address';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { CreateRunnerGroup } from './CreateRunnerGroup';
+
+/**
+ * This class is used to update a RunnerOrganisation entity (via put request).
+ */
+export class UpdateRunnerOrganisation extends CreateRunnerGroup {
+
+    /**
+     * The updated orgs's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated organisation's address.
+     * Just has to contain the address's id - everything else won't be checked or changed.
+     * Optional.
+     */
+    @IsInt()
+    @IsOptional()
+    address?: Address;
+
+    /**
+     * Loads the organisation's address based on it's id.
+     */
+    public async getAddress(): Promise<Address> {
+        if (this.address === undefined || this.address === null) {
+            return null;
+        }
+        let address = await getConnectionManager().get().getRepository(Address).findOne({ id: this.address.id });
+        if (!address) { throw new AddressNotFoundError; }
+        return address;
+    }
+
+    /**
+     * Updates a provided RunnerOrganisation entity based on this.
+     */
+    public async updateRunnerOrganisation(organisation: RunnerOrganisation): Promise<RunnerOrganisation> {
+
+        organisation.name = this.name;
+        organisation.contact = await this.getContact();
+        // organisation.address = await this.getAddress();
+
+        return organisation;
+    }
+}

src/models/actions/UpdateRunnerTeam.ts

@@ -6,23 +6,31 @@ import { RunnerOrganisation } from '../entities/RunnerOrganisation';
 import { RunnerTeam } from '../entities/RunnerTeam';
 import { CreateRunnerGroup } from './CreateRunnerGroup';
 
+/**
+ * This class is used to update a RunnerTeam entity (via put request).
+ */
 export class UpdateRunnerTeam extends CreateRunnerGroup {
 
     /**
      * The updated team's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
      */
     @IsInt()
     id: number;
 
     /**
-     * The team's parent group (organisation).
+     * The updated team's parentGroup.
+     * Just has to contain the organisation's id - everything else won't be checked or changed.
      */
     @IsObject()
     @IsNotEmpty()
     parentGroup: RunnerOrganisation;
 
+    /**
+     * Loads the updated teams's parentGroup based on it's id.
+     */
     public async getParent(): Promise<RunnerOrganisation> {
-        if (this.parentGroup === undefined) {
+        if (this.parentGroup === undefined || this.parentGroup === null) {
             throw new RunnerTeamNeedsParentError();
         }
         if (!isNaN(this.parentGroup.id)) {
@@ -35,16 +43,14 @@ export class UpdateRunnerTeam extends CreateRunnerGroup {
     }
 
     /**
-     * Creates a RunnerTeam entity from this.
+     * Updates a provided RunnerTeam entity based on this.
      */
-    public async toRunnerTeam(): Promise<RunnerTeam> {
-        let newRunnerTeam: RunnerTeam = new RunnerTeam();
+    public async updateRunnerTeam(team: RunnerTeam): Promise<RunnerTeam> {
 
-        newRunnerTeam.id = this.id;
-        newRunnerTeam.name = this.name;
-        newRunnerTeam.parentGroup = await this.getParent();
-        newRunnerTeam.contact = await this.getContact()
+        team.name = this.name;
+        team.parentGroup = await this.getParent();
+        team.contact = await this.getContact()
 
-        return newRunnerTeam;
+        return team;
     }
 }

src/models/actions/UpdateScan.ts

@@ -0,0 +1,62 @@
+import { IsBoolean, IsInt, IsOptional, IsPositive } from 'class-validator';
+import { getConnection } from 'typeorm';
+import { RunnerNotFoundError } from '../../errors/RunnerErrors';
+import { Runner } from '../entities/Runner';
+import { Scan } from '../entities/Scan';
+
+/**
+ * This class is used to update a Scan entity (via put request)
+ */
+export abstract class UpdateScan {
+    /**
+     * The updated scan's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated scan's associated runner.
+     * This is important to link ran distances to runners.
+     */
+    @IsInt()
+    @IsPositive()
+    runner: number;
+
+    /**
+     * Is the updated scan valid (for fraud reasons).
+     */
+    @IsBoolean()
+    @IsOptional()
+    valid?: boolean = true;
+
+    /**
+     * The updated scan's distance in meters.
+     */
+    @IsInt()
+    @IsPositive()
+    public distance: number;
+
+    /**
+     * Update a Scan entity based on this.
+     * @param scan The scan that shall be updated.
+     */
+    public async updateScan(scan: Scan): Promise<Scan> {
+        scan.distance = this.distance;
+        scan.valid = this.valid;
+        scan.runner = await this.getRunner();
+
+        return scan;
+    }
+
+    /**
+     * Gets a runner based on the runner id provided via this.runner.
+     */
+    public async getRunner(): Promise<Runner> {
+        const runner = await getConnection().getRepository(Runner).findOne({ id: this.runner });
+        if (!runner) {
+            throw new RunnerNotFoundError();
+        }
+        return runner;
+    }
+}

src/models/actions/UpdateScanStation.ts

@@ -0,0 +1,39 @@
+import { IsBoolean, IsInt, IsOptional, IsString } from 'class-validator';
+import { ScanStation } from '../entities/ScanStation';
+
+/**
+ * This class is used to update a ScanStation entity (via put request)
+ */
+export class UpdateScanStation {
+    /**
+     * The updated station's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated station's description.
+     */
+    @IsString()
+    @IsOptional()
+    description?: string;
+
+    /**
+     * Is this station enabled?
+     */
+    @IsBoolean()
+    @IsOptional()
+    enabled?: boolean = true;
+
+    /**
+     * Update a ScanStation entity based on this.
+     * @param station The station that shall be updated.
+     */
+    public async updateStation(station: ScanStation): Promise<ScanStation> {
+        station.description = this.description;
+        station.enabled = this.enabled;
+
+        return station;
+    }
+}

src/models/actions/UpdateTrack.ts

@@ -0,0 +1,50 @@
+import { IsInt, IsNotEmpty, IsOptional, IsPositive, IsString } from 'class-validator';
+import { TrackLapTimeCantBeNegativeError } from '../../errors/TrackErrors';
+import { Track } from '../entities/Track';
+
+/**
+ * This class is used to update a Track entity (via put request).
+ */
+export class UpdateTrack {
+    /**
+     * The updated track's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    @IsString()
+    @IsNotEmpty()
+    name: string;
+
+    /**
+     * The updated track's distance in meters (must be greater than 0).
+     */
+    @IsInt()
+    @IsPositive()
+    distance: number;
+
+    /**
+     * The minimum time a runner should take to run a lap on this track (in seconds).
+     * Will be used for fraud detection.
+     */
+    @IsInt()
+    @IsOptional()
+    minimumLapTime: number;
+
+
+    /**
+     * Update a Track entity based on this.
+     * @param track The track that shall be updated.
+     */
+    public updateTrack(track: Track): Track {
+        track.name = this.name;
+        track.distance = this.distance;
+        track.minimumLapTime = this.minimumLapTime;
+        if (this.minimumLapTime < 0) {
+            throw new TrackLapTimeCantBeNegativeError();
+        }
+
+        return track;
+    }
+}

src/models/actions/UpdateUser.ts

@@ -0,0 +1,141 @@
+import * as argon2 from "argon2";
+import { IsBoolean, IsEmail, IsInt, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { UsernameOrEmailNeededError } from '../../errors/AuthError';
+import { UserGroupNotFoundError } from '../../errors/UserGroupErrors';
+import { User } from '../entities/User';
+import { UserGroup } from '../entities/UserGroup';
+
+/**
+ * This class is used to update a User entity (via put request).
+ */
+export class UpdateUser {
+
+    /**
+     * The updated user's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated user's first name.
+     */
+    @IsString()
+    firstname: string;
+
+    /**
+     * The updated user's middle name.
+     */
+    @IsString()
+    @IsOptional()
+    middlename?: string;
+
+    /**
+     * The updated user's last name.
+     */
+    @IsString()
+    lastname: string;
+
+    /**
+     * The updated user's username.
+     * You have to provide at least one of: {email, username}.
+     */
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    /**
+     * The updated user's email address.
+     * You have to provide at least one of: {email, username}.
+     */
+    @IsEmail()
+    @IsString()
+    @IsOptional()
+    email?: string;
+
+    /**
+     * The updated user's phone number.
+     * This will be validated against the configured country phone numer syntax (default: international).
+     */
+    @IsPhoneNumber(config.phone_validation_countrycode)
+    @IsOptional()
+    phone?: string;
+
+    /**
+     * The new updated's password. 
+     * Only provide it if you want it updated.
+     * Changeing the password will invalidate all of the user's jwts.
+     * This will of course not be saved in plaintext :)
+     */
+    @IsString()
+    @IsOptional()
+    password?: string;
+
+    /**
+     * Should the user be enabled?
+     */
+    @IsBoolean()
+    enabled: boolean = true;
+
+    /**
+     * The updated user's groups.
+     * This just has to contain the group's id - everything else won't be changed.
+     */
+    @IsOptional()
+    groups?: UserGroup[]
+
+    /**
+    * The user's profile pic (or rather a url pointing to it).
+    */
+    @IsString()
+    @IsUrl()
+    @IsOptional()
+    profilePic?: string;
+
+    /**
+     * Updates a user entity based on this.
+     * @param user The user that shall be updated.
+     */
+    public async updateUser(user: User): Promise<User> {
+        user.email = this.email;
+        user.username = this.username;
+        if ((user.email === undefined || user.email === null) && (user.username === undefined || user.username === null)) {
+            throw new UsernameOrEmailNeededError();
+        }
+        if (this.password) {
+            user.password = await argon2.hash(this.password + user.uuid);
+            user.refreshTokenCount = user.refreshTokenCount + 1;
+        }
+
+        user.enabled = this.enabled;
+        user.firstname = this.firstname
+        user.middlename = this.middlename
+        user.lastname = this.lastname
+        user.phone = this.phone;
+        user.groups = await this.getGroups();
+
+        if (!this.profilePic) { user.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        else { user.profilePic = this.profilePic; }
+
+        return user;
+    }
+
+    /**
+     * Loads the updated user's groups based on their ids.
+     */
+    public async getGroups() {
+        if (!this.groups) { return null; }
+        let groups = new Array<UserGroup>();
+        if (!Array.isArray(this.groups)) {
+            this.groups = [this.groups]
+        }
+        for (let group of this.groups) {
+            let found = await getConnectionManager().get().getRepository(UserGroup).findOne({ id: group.id });
+            if (!found) { throw new UserGroupNotFoundError(); }
+            groups.push(found);
+        }
+        return groups;
+    }
+}

src/models/entities/Address.ts

@@ -6,11 +6,12 @@ import {
   IsString
 } from "class-validator";
 import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
-import { Participant } from "./Participant";
-import { RunnerOrganisation } from "./RunnerOrganisation";
+import { config } from '../../config';
+import { IAddressUser } from './IAddressUser';
 
 /**
- * Defines a address (to be used for contact information).
+ * Defines the Address entity.
+ * Implemented this way to prevent any formatting differences.
 */
 @Entity()
 export class Address {
@@ -23,6 +24,7 @@ export class Address {
 
   /**
    * The address's description.
+   * Optional and mostly for UX.
    */
   @Column({ nullable: true })
   @IsString()
@@ -49,11 +51,12 @@ export class Address {
 
   /**
    * The address's postal code.
+   * This will get checked against the postal code syntax for the configured country.
    */
   @Column()
   @IsString()
   @IsNotEmpty()
-  @IsPostalCode("DE")
+  @IsPostalCode(config.postalcode_validation_countrycode)
   postalcode: string;
 
   /**
@@ -75,12 +78,13 @@ export class Address {
   /**
    * Used to link the address to participants.
    */
-  @OneToMany(() => Participant, participant => participant.address, { nullable: true })
-  participants: Participant[];
+  @OneToMany(() => IAddressUser, addressUser => addressUser.address, { nullable: true })
+  addressUsers: IAddressUser[];
 
   /**
-   * Used to link the address to runner groups.
+   * Turns this entity into it's response class.
    */
-  @OneToMany(() => RunnerOrganisation, group => group.address, { nullable: true })
-  groups: RunnerOrganisation[];
+  public toResponse() {
+    return new Error("NotImplemented");
+  }
 }

src/models/entities/DistanceDonation.ts

@@ -4,19 +4,21 @@ import { Donation } from "./Donation";
 import { Runner } from "./Runner";
 
 /**
- * Defines a distance based donation.
- * Here people donate a certain amout per kilometer
+ * Defines the DistanceDonation entity.
+ * For distanceDonations a donor pledges to donate a certain amount for each kilometer ran by a runner.
 */
 @ChildEntity()
 export class DistanceDonation extends Donation {
   /**
-   * The runner associated.
+   * The donation's associated runner.
+   * Used as the source of the donation's distance.
    */
   @IsNotEmpty()
   @ManyToOne(() => Runner, runner => runner.distanceDonations)
   runner: Runner;
 
   /**
+   * The donation's amount donated per distance.
    * The amount the donor set to be donated per kilometer that the runner ran.
    */
   @Column()
@@ -26,15 +28,22 @@ export class DistanceDonation extends Donation {
 
   /**
    * The donation's amount in cents (or whatever your currency's smallest unit is.).
-   * The exact implementation may differ for each type of donation.
+   * Get's calculated from the runner's distance ran and the amount donated per kilometer.
    */
   public get amount(): number {
     let calculatedAmount = -1;
     try {
-      calculatedAmount = this.amountPerDistance * this.runner.distance;
+      calculatedAmount = this.amountPerDistance * (this.runner.distance / 1000);
     } catch (error) {
       throw error;
     }
     return calculatedAmount;
   }
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse() {
+    return new Error("NotImplemented");
+  }
 }

src/models/entities/Donation.ts

@@ -3,10 +3,12 @@ import {
   IsNotEmpty
 } from "class-validator";
 import { Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
-import { Participant } from "./Participant";
+import { Donor } from './Donor';
 
 /**
- * Defines the donation interface.
+ * Defines the Donation entity.
+ * A donation just associates a donor with a donation amount.
+ * The specifics of the amoun's determination has to be implemented in child classes.
 */
 @Entity()
 @TableInheritance({ column: { name: "type", type: "varchar" } })
@@ -22,12 +24,19 @@ export abstract class Donation {
    * The donations's donor.
    */
   @IsNotEmpty()
-  @ManyToOne(() => Participant, donor => donor.donations)
-  donor: Participant;
+  @ManyToOne(() => Donor, donor => donor.donations)
+  donor: Donor;
 
   /**
    * The donation's amount in cents (or whatever your currency's smallest unit is.).
    * The exact implementation may differ for each type of donation.
    */
-  abstract amount: number | Promise<number>;
+  abstract amount: number;
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse() {
+    return new Error("NotImplemented");
+  }
 }

src/models/entities/Donor.ts

@@ -1,17 +1,33 @@
 import { IsBoolean } from "class-validator";
-import { ChildEntity, Column } from "typeorm";
+import { ChildEntity, Column, OneToMany } from "typeorm";
+import { ResponseDonor } from '../responses/ResponseDonor';
+import { Donation } from './Donation';
 import { Participant } from "./Participant";
 
 /**
- * Defines a donor.
+ * Defines the Donor entity.
 */
 @ChildEntity()
 export class Donor extends Participant {
   /**
-   * Does this donor need a receipt?.
-   * Default: false
+   * Does this donor need a receipt?
+   * Will later be used to automaticly generate donation receipts.
    */
   @Column()
   @IsBoolean()
   receiptNeeded: boolean = false;
+
+  /**
+ * Used to link the participant as the donor of a donation.
+ * Attention: Only runner's can be associated as a distanceDonations distance source.
+ */
+  @OneToMany(() => Donation, donation => donation.donor, { nullable: true })
+  donations: Donation[];
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseDonor {
+    return new ResponseDonor(this);
+  }
 }

src/models/entities/FixedDonation.ts

@@ -3,7 +3,8 @@ import { ChildEntity, Column } from "typeorm";
 import { Donation } from "./Donation";
 
 /**
- * Defines a fixed donation.
+ * Defines the FixedDonation entity.
+ * In the past there was no easy way to track fixed donations (eg. for creating donation receipts).
 */
 @ChildEntity()
 export class FixedDonation extends Donation {
@@ -15,4 +16,11 @@ export class FixedDonation extends Donation {
   @IsInt()
   @IsPositive()
   amount: number;
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse() {
+    return new Error("NotImplemented");
+  }
 }

src/models/entities/GroupContact.ts

@@ -10,16 +10,18 @@ import {
 import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
 import { config } from '../../config';
 import { Address } from "./Address";
+import { IAddressUser } from './IAddressUser';
 import { RunnerGroup } from "./RunnerGroup";
 
 /**
- * Defines a group's contact.
+ * Defines the GroupContact entity.
+ * Mainly it's own class to reduce duplicate code and enable contact's to be associated with multiple groups.
 */
 @Entity()
-export class GroupContact {
+export class GroupContact implements IAddressUser {
   /**
- * Autogenerated unique id (primary key).
- */
+   * Autogenerated unique id (primary key).
+   */
   @PrimaryGeneratedColumn()
   @IsInt()
   id: number;
@@ -34,7 +36,6 @@ export class GroupContact {
 
   /**
    * The contact's middle name.
-   * Optional
    */
   @Column({ nullable: true })
   @IsOptional()
@@ -51,15 +52,15 @@ export class GroupContact {
 
   /**
    * The contact's address.
-   * Optional
+   * This is a address object to prevent any formatting differences.
    */
   @IsOptional()
-  @ManyToOne(() => Address, address => address.participants, { nullable: true })
+  @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
   address?: Address;
 
   /**
    * The contact's phone number.
-   * Optional
+   * This will be validated against the configured country phone numer syntax (default: international).
    */
   @Column({ nullable: true })
   @IsOptional()
@@ -68,7 +69,7 @@ export class GroupContact {
 
   /**
    * The contact's email address.
-   * Optional
+   * Could later be used to automaticly send mails concerning the contact's associated groups.
    */
   @Column({ nullable: true })
   @IsOptional()
@@ -80,4 +81,11 @@ export class GroupContact {
     */
   @OneToMany(() => RunnerGroup, group => group.contact, { nullable: true })
   groups: RunnerGroup[];
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse() {
+    return new Error("NotImplemented");
+  }
 }

src/models/entities/IAddressUser.ts

@@ -0,0 +1,20 @@
+import { Entity, ManyToOne, PrimaryColumn } from 'typeorm';
+import { Address } from './Address';
+
+/**
+ * The interface(tm) all entities using addresses have to implement.
+ * This is a abstract class, because apparently typeorm can't really work with interfaces :/
+ */
+@Entity()
+export abstract class IAddressUser {
+    @PrimaryColumn()
+    id: number;
+
+    @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
+    address?: Address
+
+    /**
+   * Turns this entity into it's response class.
+   */
+    public abstract toResponse();
+}

src/models/entities/Participant.ts

@@ -7,17 +7,19 @@ import {
 
   IsString
 } from "class-validator";
-import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { config } from '../../config';
+import { ResponseParticipant } from '../responses/ResponseParticipant';
 import { Address } from "./Address";
-import { Donation } from "./Donation";
+import { IAddressUser } from './IAddressUser';
 
 /**
- * Defines the participant interface.
+ * Defines the Participant entity.
+ * Participans can donate and therefor be associated with donation entities.
 */
 @Entity()
 @TableInheritance({ column: { name: "type", type: "varchar" } })
-export abstract class Participant {
+export abstract class Participant implements IAddressUser {
   /**
    * Autogenerated unique id (primary key).
    */
@@ -35,7 +37,6 @@ export abstract class Participant {
 
   /**
    * The participant's middle name.
-   * Optional
    */
   @Column({ nullable: true })
   @IsOptional()
@@ -52,14 +53,14 @@ export abstract class Participant {
 
   /**
    * The participant's address.
-   * Optional
+   * This is a address object to prevent any formatting differences.
    */
-  @ManyToOne(() => Address, address => address.participants, { nullable: true })
+  @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
   address?: Address;
 
   /**
    * The participant's phone number.
-   * Optional
+   * This will be validated against the configured country phone numer syntax (default: international).
    */
   @Column({ nullable: true })
   @IsOptional()
@@ -68,7 +69,7 @@ export abstract class Participant {
 
   /**
    * The participant's email address.
-   * Optional
+   * Can be used to contact the participant.
    */
   @Column({ nullable: true })
   @IsOptional()
@@ -76,8 +77,7 @@ export abstract class Participant {
   email?: string;
 
   /**
-   * Used to link the participant as the donor of a donation.
+   * Turns this entity into it's response class.
    */
-  @OneToMany(() => Donation, donation => donation.donor, { nullable: true })
-  donations: Donation[];
+  public abstract toResponse(): ResponseParticipant;
 }

src/models/entities/Permission.ts

@@ -1,17 +1,20 @@
 import {
+  IsEnum,
   IsInt,
-  IsNotEmpty,
-
-  IsString
+  IsNotEmpty
 } from "class-validator";
-import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
-import { User } from './User';
-import { UserGroup } from './UserGroup';
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
+import { PermissionAction } from '../enums/PermissionAction';
+import { PermissionTarget } from '../enums/PermissionTargets';
+import { ResponsePermission } from '../responses/ResponsePermission';
+import { Principal } from './Principal';
 /**
- * Defines the Permission interface.
+ * Defines the Permission entity.
+ * Permissions can be granted to principals.
+ * The permissions possible targets and actions are defined in enums.
 */
 @Entity()
-export abstract class Permission {
+export class Permission {
   /**
    * Autogenerated unique id (primary key).
    */
@@ -20,30 +23,40 @@ export abstract class Permission {
   id: number;
 
   /**
-   * users
+   * The permission's principal.
    */
-  @OneToMany(() => User, user => user.permissions, { nullable: true })
-  users: User[]
+  @ManyToOne(() => Principal, principal => principal.permissions)
+  principal: Principal;
 
   /**
-   * groups
+   * The permission's target.
+   * This get's stored as the enum value's string representation for compatability reasons.
    */
-  @OneToMany(() => UserGroup, group => group.permissions, { nullable: true })
-  groups: UserGroup[]
-
-  /**
-   * The target
-   */
-  @Column()
+  @Column({ type: 'varchar' })
   @IsNotEmpty()
-  @IsString()
-  target: string;
+  @IsEnum(PermissionTarget)
+  target: PermissionTarget;
 
   /**
-   * The action type
+   * The permission's action.
+   * This get's stored as the enum value's string representation for compatability reasons.
    */
-  @Column()
-  @IsNotEmpty()
-  @IsString()
-  action: string;
+  @Column({ type: 'varchar' })
+  @IsEnum(PermissionAction)
+  action: PermissionAction;
+
+  /**
+   * Turn this into a string for exporting and jwts.
+   * Mainly used to shrink the size of jwts (otherwise the would contain entire objects).
+   */
+  public toString(): string {
+    return this.target + ":" + this.action;
+  }
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponsePermission {
+    return new ResponsePermission(this);
+  }
 }

src/models/entities/Principal.ts

@@ -0,0 +1,30 @@
+import { IsInt } from 'class-validator';
+import { Entity, OneToMany, PrimaryGeneratedColumn, TableInheritance } from 'typeorm';
+import { ResponsePrincipal } from '../responses/ResponsePrincipal';
+import { Permission } from './Permission';
+
+/**
+ * Defines the principal entity.
+ * A principal basicly is any entity that can receive permissions for the api (users and their groups).
+*/
+@Entity()
+@TableInheritance({ column: { name: "type", type: "varchar" } })
+export abstract class Principal {
+  /**
+  * Autogenerated unique id (primary key).
+  */
+  @PrimaryGeneratedColumn()
+  @IsInt()
+  id: number;
+
+  /**
+  * The participant's permissions.
+  */
+  @OneToMany(() => Permission, permission => permission.principal, { nullable: true })
+  permissions: Permission[];
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public abstract toResponse(): ResponsePrincipal;
+}

src/models/entities/Runner.ts

@@ -1,5 +1,6 @@
 import { IsInt, IsNotEmpty } from "class-validator";
 import { ChildEntity, ManyToOne, OneToMany } from "typeorm";
+import { ResponseRunner } from '../responses/ResponseRunner';
 import { DistanceDonation } from "./DistanceDonation";
 import { Participant } from "./Participant";
 import { RunnerCard } from "./RunnerCard";
@@ -7,47 +8,70 @@ import { RunnerGroup } from "./RunnerGroup";
 import { Scan } from "./Scan";
 
 /**
- * Defines a runner.
+ * Defines the runner entity.
+ * Runners differ from participants in being able to actually accumulate a ran distance through scans.
+ * Runner's get organized in groups.
 */
 @ChildEntity()
 export class Runner extends Participant {
   /**
    * The runner's associated group.
+   * Can be a runner team or organisation.
    */
   @IsNotEmpty()
-  @ManyToOne(() => RunnerGroup, group => group.runners, { nullable: false })
+  @ManyToOne(() => RunnerGroup, group => group.runners)
   group: RunnerGroup;
 
   /**
-   * Used to link runners to donations.
+   * The runner's associated distanceDonations.
+   * Used to link runners to distanceDonations in order to calculate the donation's amount based on the distance the runner ran.
    */
   @OneToMany(() => DistanceDonation, distanceDonation => distanceDonation.runner, { nullable: true })
   distanceDonations: DistanceDonation[];
 
   /**
-   * Used to link runners to cards.
+   * The runner's associated cards.
+   * Used to link runners to cards - yes a runner be associated with multiple cards this came in handy in the past.
    */
   @OneToMany(() => RunnerCard, card => card.runner, { nullable: true })
   cards: RunnerCard[];
 
   /**
-   * Used to link runners to a scans
+   * The runner's associated scans.
+   * Used to link runners to scans (valid and fraudulant).
    */
   @OneToMany(() => Scan, scan => scan.runner, { nullable: true })
   scans: Scan[];
 
   /**
    * Returns all valid scans associated with this runner.
+   * This is implemented here to avoid duplicate code in other files.
    */
   public get validScans(): Scan[] {
-    return this.scans.filter(scan => { scan.valid === true });
+    return this.scans.filter(scan => scan.valid == true);
   }
 
   /**
-   * Returns the total distance ran by this runner.
+   * Returns the total distance ran by this runner based on all his valid scans.
+   * This is implemented here to avoid duplicate code in other files.
   */
   @IsInt()
   public get distance(): number {
     return this.validScans.reduce((sum, current) => sum + current.distance, 0);
   }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.distanceDonations.reduce((sum, current) => sum + current.amountPerDistance, 0) * this.distance;
+  }
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseRunner {
+    return new ResponseRunner(this);
+  }
 }

src/models/entities/RunnerCard.ts

@@ -11,7 +11,9 @@ import { Runner } from "./Runner";
 import { TrackScan } from "./TrackScan";
 
 /**
- * Defines a card that can be scanned via a scanner station.
+ * Defines the RunnerCard entity.
+ * A runnerCard is a physical representation for a runner.
+ * It can be associated with a runner to create scans via the scan station's.
 */
 @Entity()
 export class RunnerCard {
@@ -23,7 +25,8 @@ export class RunnerCard {
   id: number;
 
   /**
-   * The runner that is currently associated with this card.
+   * The card's currently associated runner.
+   * To increase reusability a card can be reassigned.
    */
   @IsOptional()
   @ManyToOne(() => Runner, runner => runner.cards, { nullable: true })
@@ -32,7 +35,7 @@ export class RunnerCard {
   /**
    * The card's code.
    * This has to be able to being converted to something barcode compatible.
-   * could theoretically be autogenerated
+   * Will get automaticlly generated (not implemented yet).
    */
   @Column()
   @IsEAN()
@@ -49,8 +52,16 @@ export class RunnerCard {
   enabled: boolean = true;
 
   /**
-   * Used to link cards to a track scans.
+   * The card's associated scans.
+   * Used to link cards to track scans.
    */
   @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
   scans: TrackScan[];
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse() {
+    return new Error("NotImplemented");
+  }
 }

src/models/entities/RunnerGroup.ts

@@ -5,11 +5,13 @@ import {
   IsString
 } from "class-validator";
 import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { ResponseRunnerGroup } from '../responses/ResponseRunnerGroup';
 import { GroupContact } from "./GroupContact";
 import { Runner } from "./Runner";
 
 /**
- * Defines the runnerGroup interface.
+ * Defines the RunnerGroup entity.
+ * This is used to group runners together (as the name suggests).
 */
 @Entity()
 @TableInheritance({ column: { name: "type", type: "varchar" } })
@@ -31,15 +33,37 @@ export abstract class RunnerGroup {
 
   /**
    * The group's contact.
-   * Optional
+   * This is mostly a feature for the group managers and public relations.
    */
   @IsOptional()
   @ManyToOne(() => GroupContact, contact => contact.groups, { nullable: true })
   contact?: GroupContact;
 
   /**
+   * The group's associated runners.
    * Used to link runners to a runner group.
    */
   @OneToMany(() => Runner, runner => runner.group, { nullable: true })
   runners: Runner[];
+
+  /**
+   * Returns the total distance ran by this group's runners based on all their valid scans.
+  */
+  @IsInt()
+  public get distance(): number {
+    return this.runners.reduce((sum, current) => sum + current.distance, 0);
+  }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.runners.reduce((sum, current) => sum + current.distanceDonationAmount, 0);
+  }
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public abstract toResponse(): ResponseRunnerGroup;
 }

src/models/entities/RunnerOrganisation.ts

@@ -1,26 +1,65 @@
-import { IsOptional } from "class-validator";
+import { IsInt, IsOptional } from "class-validator";
 import { ChildEntity, ManyToOne, OneToMany } from "typeorm";
-import { Address } from "./Address";
+import { ResponseRunnerOrganisation } from '../responses/ResponseRunnerOrganisation';
+import { Address } from './Address';
+import { IAddressUser } from './IAddressUser';
+import { Runner } from './Runner';
 import { RunnerGroup } from "./RunnerGroup";
 import { RunnerTeam } from "./RunnerTeam";
 
 /**
- * Defines a runner organisation (business or school for example).
+ * Defines the RunnerOrganisation entity.
+ * This usually is a school, club or company.
 */
 @ChildEntity()
-export class RunnerOrganisation extends RunnerGroup {
+export class RunnerOrganisation extends RunnerGroup implements IAddressUser {
 
   /**
    * The organisations's address.
-   * Optional
    */
   @IsOptional()
-  @ManyToOne(() => Address, address => address.groups, { nullable: true })
+  @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
   address?: Address;
 
   /**
- * Used to link teams to runner groups.
- */
+   * The organisation's teams.
+   * Used to link teams to a organisation.
+   */
   @OneToMany(() => RunnerTeam, team => team.parentGroup, { nullable: true })
   teams: RunnerTeam[];
+
+  /**
+   * Returns all runners associated with this organisation (directly or indirectly via teams).
+   */
+  public get allRunners(): Runner[] {
+    let returnRunners: Runner[] = new Array<Runner>();
+    returnRunners.push(...this.runners);
+    for (let team of this.teams) {
+      returnRunners.push(...team.runners)
+    }
+    return returnRunners;
+  }
+
+  /**
+   * Returns the total distance ran by this group's runners based on all their valid scans.
+  */
+  @IsInt()
+  public get distance(): number {
+    return this.allRunners.reduce((sum, current) => sum + current.distance, 0);
+  }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.allRunners.reduce((sum, current) => sum + current.distanceDonationAmount, 0);
+  }
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseRunnerOrganisation {
+    return new ResponseRunnerOrganisation(this);
+  }
 }

src/models/entities/RunnerTeam.ts

@@ -1,19 +1,28 @@
 import { IsNotEmpty } from "class-validator";
 import { ChildEntity, ManyToOne } from "typeorm";
+import { ResponseRunnerTeam } from '../responses/ResponseRunnerTeam';
 import { RunnerGroup } from "./RunnerGroup";
 import { RunnerOrganisation } from "./RunnerOrganisation";
 
 /**
- * Defines a runner team (class or deparment for example).
+ * Defines the RunnerTeam entity.
+ * This usually is a school class or department in a company.
 */
 @ChildEntity()
 export class RunnerTeam extends RunnerGroup {
 
   /**
    * The team's parent group.
-   * Optional
+   * Every team has to be part of a runnerOrganisation - this get's checked on creation and update.
    */
   @IsNotEmpty()
   @ManyToOne(() => RunnerOrganisation, org => org.teams, { nullable: true })
   parentGroup?: RunnerOrganisation;
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseRunnerTeam {
+    return new ResponseRunnerTeam(this);
+  }
 }

src/models/entities/Scan.ts

@@ -6,14 +6,16 @@ import {
   IsPositive
 } from "class-validator";
 import { Column, Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { ResponseScan } from '../responses/ResponseScan';
 import { Runner } from "./Runner";
 
 /**
- * Defines the scan interface.
+ * Defines the Scan entity.
+ * A scan basicly adds a certain distance to a runner's total ran distance.
 */
 @Entity()
 @TableInheritance({ column: { name: "type", type: "varchar" } })
-export abstract class Scan {
+export class Scan {
   /**
    * Autogenerated unique id (primary key).
    */
@@ -22,24 +24,52 @@ export abstract class Scan {
   id: number;
 
   /**
-   * The associated runner.
+   * The scan's associated runner.
+   * This is important to link ran distances to runners.
    */
   @IsNotEmpty()
   @ManyToOne(() => Runner, runner => runner.scans, { nullable: false })
   runner: Runner;
 
   /**
-   * The scan's distance in meters.
+   * Is the scan valid (for fraud reasons).
+   * The determination of validity will work differently for every child class.
+   * Default: true
    */
-  @IsInt()
-  @IsPositive()
-  abstract distance: number;
-
-  /**
- * Is the scan valid (for fraud reasons).
- * Default: true
- */
   @Column()
   @IsBoolean()
   valid: boolean = true;
+
+  /**
+   * The scan's distance in meters.
+   * This is the "real" value used by "normal" scans..
+   */
+  @Column({ nullable: true })
+  @IsInt()
+  private _distance?: number;
+
+  /**
+   * The scan's distance in meters.
+   * Can be set manually or derived from another object.
+   */
+  @IsInt()
+  @IsPositive()
+  public get distance(): number {
+    return this._distance;
+  }
+
+  /**
+   * The scan's distance in meters.
+   * Can be set manually or derived from another object.
+   */
+  public set distance(value: number) {
+    this._distance = value;
+  }
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseScan {
+    return new ResponseScan(this);
+  }
 }

src/models/entities/ScanStation.ts

@@ -6,11 +6,13 @@ import {
   IsString
 } from "class-validator";
 import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
+import { ResponseScanStation } from '../responses/ResponseScanStation';
 import { Track } from "./Track";
 import { TrackScan } from "./TrackScan";
 
 /**
- * ScannerStations have the ability to create scans for specific tracks.
+ * Defines the ScanStation entity.
+ * ScanStations get used to create TrackScans for runners based on a scan of their runnerCard.
 */
 @Entity()
 export class ScanStation {
@@ -23,6 +25,7 @@ export class ScanStation {
 
   /**
    * The station's description.
+   * Mostly for better UX when traceing back stuff.
    */
   @Column({ nullable: true })
   @IsOptional()
@@ -31,13 +34,23 @@ export class ScanStation {
 
   /**
    * The track this station is associated with.
+   * All scans created by this station will also be associated with this track.
    */
   @IsNotEmpty()
   @ManyToOne(() => Track, track => track.stations, { nullable: false })
   track: Track;
 
+  /**
+   * The client's api key prefix.
+   * This is used identitfy a client by it's api key.
+   */
+  @Column({ unique: true })
+  @IsString()
+  prefix: string;
+
   /**
    * The station's api key.
+   * This is used to authorize a station against the api (not implemented yet).
    */
   @Column()
   @IsNotEmpty()
@@ -45,16 +58,30 @@ export class ScanStation {
   key: string;
 
   /**
-   * Is the station enabled (for fraud reasons)?
-   * Default: true
+   * The client's api key in plain text.
+   * This will only be used to display the full key on creation and updates.
    */
-  @Column()
-  @IsBoolean()
-  enabled: boolean = true;
+  @IsString()
+  @IsOptional()
+  cleartextkey?: string;
 
   /**
    * Used to link track scans to a scan station.
    */
   @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
   scans: TrackScan[];
+
+  /**
+  * Is this station enabled?
+  */
+  @Column({ nullable: true })
+  @IsBoolean()
+  enabled?: boolean = true;
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseScanStation {
+    return new ResponseScanStation(this);
+  }
 }

src/models/entities/StatsClient.ts

@@ -0,0 +1,56 @@
+import { IsInt, IsOptional, IsString } from "class-validator";
+import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+import { ResponseStatsClient } from '../responses/ResponseStatsClient';
+/**
+ * Defines the StatsClient entity.
+ * StatsClients can be used to access the protected parts of the stats api (top runners, donators and so on).
+*/
+@Entity()
+export class StatsClient {
+    /**
+     * Autogenerated unique id (primary key).
+     */
+    @PrimaryGeneratedColumn()
+    @IsInt()
+    id: number;
+
+    /**
+     * The clients's description.
+     * Mostly for better UX when traceing back stuff.
+     */
+    @Column({ nullable: true })
+    @IsOptional()
+    @IsString()
+    description?: string;
+
+    /**
+     * The client's api key prefix.
+     * This is used identitfy a client by it's api key.
+     */
+    @Column({ unique: true })
+    @IsString()
+    prefix: string;
+
+    /**
+     * The client's api key hash.
+     * The api key can be used to authenticate against the /stats/** routes.
+     */
+    @Column()
+    @IsString()
+    key: string;
+
+    /**
+     * The client's api key in plain text.
+     * This will only be used to display the full key on creation and updates.
+     */
+    @IsString()
+    @IsOptional()
+    cleartextkey?: string;
+
+    /**
+   * Turns this entity into it's response class.
+   */
+    public toResponse(): ResponseStatsClient {
+        return new ResponseStatsClient(this);
+    }
+}

src/models/entities/Track.ts

@@ -1,16 +1,17 @@
 import {
   IsInt,
   IsNotEmpty,
-
+  IsOptional,
   IsPositive,
   IsString
 } from "class-validator";
 import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
+import { ResponseTrack } from '../responses/ResponseTrack';
 import { ScanStation } from "./ScanStation";
 import { TrackScan } from "./TrackScan";
 
 /**
- * Defines a track of given length.
+ * Defines the Track entity.
 */
 @Entity()
 export class Track {
@@ -19,10 +20,11 @@ export class Track {
    */
   @PrimaryGeneratedColumn()
   @IsInt()
-  id: number;;
+  id: number;
 
   /**
    * The track's name.
+   * Mainly here for UX.
    */
   @Column()
   @IsString()
@@ -31,6 +33,7 @@ export class Track {
 
   /**
    * The track's length/distance in meters.
+   * Will be used to calculate runner's ran distances.
    */
   @Column()
   @IsInt()
@@ -38,14 +41,32 @@ export class Track {
   distance: number;
 
   /**
-   * Used to link scan stations to track.
+   * The minimum time a runner should take to run a lap on this track (in seconds).
+   * Will be used for fraud detection.
+   */
+  @Column({ nullable: true })
+  @IsInt()
+  @IsOptional()
+  minimumLapTime?: number;
+
+  /**
+   * Used to link scan stations to a certain track.
+   * This makes the configuration of the scan stations easier.
    */
   @OneToMany(() => ScanStation, station => station.track, { nullable: true })
   stations: ScanStation[];
 
   /**
    * Used to link track scans to a track.
+   * The scan will derive it's distance from the track's distance.
    */
   @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
   scans: TrackScan[];
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseTrack {
+    return new ResponseTrack(this);
+  }
 }

src/models/entities/TrackScan.ts

@@ -6,32 +6,37 @@ import {
   IsPositive
 } from "class-validator";
 import { ChildEntity, Column, ManyToOne } from "typeorm";
+import { ResponseTrackScan } from '../responses/ResponseTrackScan';
 import { RunnerCard } from "./RunnerCard";
 import { Scan } from "./Scan";
 import { ScanStation } from "./ScanStation";
 import { Track } from "./Track";
 
 /**
- * Defines the scan interface.
+ * Defines the TrackScan entity.
+ * A track scan usaually get's generated by a scan station.
 */
 @ChildEntity()
 export class TrackScan extends Scan {
   /**
-   * The associated track.
+   * The scan's associated track.
+   * This is used to determine the scan's distance.
    */
   @IsNotEmpty()
   @ManyToOne(() => Track, track => track.scans, { nullable: true })
   track: Track;
 
   /**
-   * The associated card.
+   * The runnerCard associated with the scan.
+   * This get's saved for documentation and management purposes.
    */
   @IsNotEmpty()
   @ManyToOne(() => RunnerCard, card => card.scans, { nullable: true })
   card: RunnerCard;
 
   /**
-   * The scanning station.
+   * The scanning station that created the scan.
+   * Mainly used for logging and traceing back scans (or errors)
    */
   @IsNotEmpty()
   @ManyToOne(() => ScanStation, station => station.scans, { nullable: true })
@@ -39,6 +44,7 @@ export class TrackScan extends Scan {
 
   /**
    * The scan's distance in meters.
+   * This just get's loaded from it's track.
    */
   @IsInt()
   @IsPositive()
@@ -48,9 +54,17 @@ export class TrackScan extends Scan {
 
   /**
    * The scan's creation timestamp.
+   * Will be used to implement fraud detection.
    */
   @Column()
   @IsDateString()
   @IsNotEmpty()
   timestamp: string;
+
+  /**
+   * Turns this entity into it's response class.
+   */
+  public toResponse(): ResponseTrackScan {
+    return new ResponseTrackScan(this);
+  }
 }