chore(release): 1.4.2

close #210

.drone.yml

@@ -1,164 +0,0 @@
----
-kind: pipeline
-name: tests:node_latest
-clone:
-  disable: true
-steps:
-  - name: checkout pr
-    image: alpine/git
-    commands:
-      - git clone $DRONE_REMOTE_URL .
-      - git checkout $DRONE_SOURCE_BRANCH
-      - mv .env.ci .env
-  - name: run tests
-    image: node:latest
-    commands:
-      - yarn
-      - yarn test:ci
-trigger:
-  event:
-    - pull_request
-
----
-kind: pipeline
-type: docker
-name: build:dev
-clone:
-  disable: true
-
-steps:
-  - name: clone
-    image: alpine/git
-    commands:
-      - git clone $DRONE_REMOTE_URL .
-      - git checkout dev
-  - name: build dev
-    image: plugins/docker
-    depends_on: [clone]
-    settings:
-      username:
-        from_secret: DOCKER_REGISTRY_USER
-      password:
-        from_secret: DOCKER_REGISTRY_PASSWORD
-      repo: registry.odit.services/lfk/backend
-      tags:
-        - dev
-      registry: registry.odit.services
-  - name: run changelog export
-    depends_on: ["clone"]
-    image: node:latest
-    commands:
-      - npx auto-changelog --commit-limit false -p -u --hide-credit
-  - name: push new changelog to repo
-    depends_on: ["run changelog export"]
-    image: appleboy/drone-git-push
-    settings:
-      branch: dev
-      commit: true
-      commit_message: 🧾New changelog file version [CI SKIP] [skip ci]
-      author_email: bot@odit.services
-      remote: git@git.odit.services:lfk/backend.git
-      ssh_key:
-        from_secret: GITLAB_SSHKEY
-  - name: run full license export
-    depends_on: ["clone"]
-    image: node:14.15.1-alpine3.12
-    commands:
-      - yarn
-      - yarn licenses:export
-  - name: push new licenses file to repo
-    depends_on: ["run full license export"]
-    image: appleboy/drone-git-push
-    settings:
-      branch: dev
-      commit: true
-      commit_message: 📖New license file version [CI SKIP] [skip ci]
-      author_email: bot@odit.services
-      remote: git@git.odit.services:lfk/backend.git
-      skip_verify: true
-      ssh_key:
-        from_secret: GITLAB_SSHKEY
-
-
-trigger:
-  branch:
-    - dev
-  event:
-    - push
-
----
-kind: pipeline
-type: docker
-name: build:latest
-clone:
-  disable: true
-
-steps:
-  - name: clone
-    image: alpine/git
-    commands:
-      - git clone $DRONE_REMOTE_URL .
-      - git checkout dev
-      - git merge main
-      - git checkout main
-  - name: build latest
-    depends_on: ["clone"]
-    image: plugins/docker
-    settings:
-      username:
-        from_secret: DOCKER_REGISTRY_USER
-      password:
-        from_secret: DOCKER_REGISTRY_PASSWORD
-      repo: registry.odit.services/lfk/backend
-      tags:
-        - latest
-      registry: registry.odit.services
-  - name: push merge to repo
-    depends_on: ["clone"]
-    image: appleboy/drone-git-push
-    settings:
-      branch: dev
-      commit: false
-      remote: git@git.odit.services:lfk/backend.git
-      ssh_key:
-        from_secret: GITLAB_SSHKEY
-
-trigger:
-  branch:
-    - main
-  event:
-    - push
-
----
-kind: pipeline
-type: docker
-name: build:tags
-
-steps:
-  - name: build $DRONE_TAG
-    image: plugins/docker
-    depends_on: [clone]
-    settings:
-      username:
-        from_secret: DOCKER_REGISTRY_USER
-      password:
-        from_secret: DOCKER_REGISTRY_PASSWORD
-      repo: registry.odit.services/lfk/backend
-      tags:
-        - '${DRONE_TAG}'
-      registry: registry.odit.services
-  - name: trigger node lib build
-    image: idcooldi/drone-webhook
-    settings:
-      urls: https://ci.odit.services/api/repos/lfk/lfk-client-node/builds?SOURCE_TAG=${DRONE_TAG}
-      bearer:
-        from_secret: BOT_DRONE_KEY
-  - name: trigger js lib build
-    image: idcooldi/drone-webhook
-    settings:
-      urls: https://ci.odit.services/api/repos/lfk/lfk-client-js/builds?SOURCE_TAG=${DRONE_TAG}
-      bearer:
-        from_secret: BOT_DRONE_KEY
-trigger:
-  event:
-  - tag

.env.example

@@ -1,9 +1,11 @@
 APP_PORT=4010
-DB_TYPE=bla
+DB_TYPE=sqlite
 DB_HOST=bla
 DB_PORT=bla
 DB_USER=bla
 DB_PASSWORD=bla
-DB_NAME=bla
+DB_NAME=./test.sqlite
 NODE_ENV=production
-POSTALCODE_COUNTRYCODE=DE
+POSTALCODE_COUNTRYCODE=DE
+SEED_TEST_DATA=false
+SELFSERVICE_URL=bla

.gitea/workflows/release.yml

@@ -0,0 +1,33 @@
+name: Build release images
+on:
+  push:
+    tags:
+      - "*.*.*"
+
+jobs:
+  build-container:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 19
+      - run: npm i -g pnpm@10.7 && pnpm i
+      - run: pnpm licenses:export
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.odit.services
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: |
+            ${{ vars.REGISTRY }}/lfk/backend:${{ github.ref_name }}
+          platforms: linux/amd64,linux/arm64

.gitignore

@@ -135,4 +135,4 @@ build
 /docs
 lib
 /oss-attribution
-*.tmp
+*.tmp

.vscode/settings.json

@@ -9,8 +9,7 @@
     "[typescript]": {
         "editor.defaultFormatter": "vscode.typescript-language-features",
         "editor.codeActionsOnSave": {
-            "source.organizeImports": true,
-            // "source.fixAll": true
+            "source.organizeImports": "explicit"
         }
     },
     "javascript.preferences.quoteStyle": "single",

Dockerfile

@@ -1,16 +1,27 @@
 # Typescript Build
-FROM node:14.15.1-alpine3.12
+FROM registry.odit.services/hub/library/node:23.10.0-alpine3.21 AS build
+ARG NPM_REGISTRY_URL=https://registry.npmjs.org
 WORKDIR /app
+
 COPY package.json ./
-RUN npm i -g pnpm
-RUN pnpm i
+COPY pnpm-workspace.yaml ./
+COPY pnpm-lock.yaml ./
+RUN npm config set registry $NPM_REGISTRY_URL && npm i -g pnpm@10.7
+RUN mkdir /pnpm && pnpm config set store-dir /pnpm && pnpm i
+
 COPY tsconfig.json ormconfig.js ./
 COPY src ./src
-RUN pnpm run build
+RUN pnpm run build \
+    && rm -rf /app/node_modules \
+    && pnpm i --production --prefer-offline
+
 # final image
-FROM node:14.15.1-alpine3.12
-COPY package.json ormconfig.js ./
-RUN npm i -g pnpm
-RUN pnpm i --prod
-COPY --from=0 /app/dist dist
-ENTRYPOINT ["node", "dist/app.js"]
+FROM registry.odit.services/hub/library/node:23.10.0-alpine3.21 AS final
+WORKDIR /app
+COPY --from=build /app/package.json /app/package.json
+COPY --from=build /app/pnpm-lock.yaml /app/pnpm-lock.yaml
+COPY --from=build /app/pnpm-workspace.yaml /app/pnpm-workspace.yaml
+COPY --from=build /app/ormconfig.js /app/ormconfig.js
+COPY --from=build /app/dist /app/dist
+COPY --from=build /app/node_modules /app/node_modules
+ENTRYPOINT ["node", "/app/dist/app.js"]

README.md

@@ -2,62 +2,87 @@
 
 Backend Server
 
+## Quickstart 🐳
+> Use this to run the backend with a postgresql db in docker
+
+1. Clone the repo or copy the docker-compose 
+2. Run in toe folder that contains the docker-compose file: `docker-compose up -d`
+3. Visit http://127.0.0.1:4010/api/docs to check if the server is running
+4. You can now use the default admin user (`demo:demo`)
+
 ## Dev Setup 🛠
+> Local dev setup utilizing sqlite3 as the database.
 
-### Local w/ sqlite
-
-1. Create a .env file in the project root containing:
-   ```
-    APP_PORT=4010
-    DB_TYPE=sqlite
-    DB_HOST=bla
-    DB_PORT=bla
-    DB_USER=bla
-    DB_PASSWORD=bla
-    DB_NAME=./test.sqlite
-   ```
+1. Rename the .env.example file to .env (you can adjust app port and other settings, if needed)
 2. Install Dependencies
-   ```bash
-   yarn
-   ```
+```bash
+pnpm i
+```
 3. Start the server
-   ```bash
-   yarn dev
-   ```
+```bash
+pnpm dev
+```
+
+### Run Tests
+```bash
+# Run tests once (server has to run)
+pnpm test
+
+# Run test in watch mode (reruns on change)
+pnpm test:watch
+
+# Run test in ci mode (automaticly starts the dev server)
+pnpm test:ci
+```
 
 ### Generate Docs
-```
-yarn docs
-```
-
-### Docker w/ postgres 🐳
-
 ```bash
-docker-compose up --build
+pnpm docs
 ```
 
+## ENV Vars
+> You can provide them via .env file or docker env vars.
+> You can use the `test:ci:generate_env` package script to generate a example env (uses bs data as test server and ignores the errors).
+
+| Name                   | Type               | Default              | Description                                                                                                    |
+| ---------------------- | ------------------ | -------------------- | -------------------------------------------------------------------------------------------------------------- |
+| APP_PORT               | Number             | 4010                 | The port the backend server listens on. Is optional.                                                           |
+| DB_TYPE                | String             | N/A                  | The type of the db u want to use. It has to be supported by typeorm. Possible: `sqlite`, `mysql`, `postgresql` |
+| DB_HOST                | String             | N/A                  | The db's host's ip-address/fqdn or file path for sqlite                                                        |
+| DB_PORT                | String             | N/A                  | The db's port                                                                                                  |
+| DB_USER                | String             | N/A                  | The user for accessing the db                                                                                  |
+| DB_PASSWORD            | String             | N/A                  | The user's password for accessing the db                                                                       |
+| DB_NAME                | String             | N/A                  | The db's name                                                                                                  |
+| NODE_ENV               | String             | dev                  | The apps env - influences debug info. Also when the env is set to "test", mailing errors get ignored.          |
+| POSTALCODE_COUNTRYCODE | String/CountryCode | N/A                  | The countrycode used to validate address's postal codes                                                        |
+| PHONE_COUNTRYCODE      | String/CountryCode | null (international) | The countrycode used to validate phone numers                                                                  |
+| SEED_TEST_DATA         | Boolean            | False                | If you want the app to seed some example data set this to true                                                 |
+| MAILER_URL             | String(Url)        | N/A                  | The mailer's base url (no trailing slash)                                                                      |
+| MAILER_KEY             | String             | N/A                  | The mailer's api key.                                                                                          |
+| SELFSERVICE_URL        | String(Url)        | N/A                  | The link to selfservice (no trailing slash)                                                                    |
+| IMPRINT_URL            | String(Url)        | /imprint             | The link to a imprint page for the system (Defaults to the frontend's imprint)                                 |
+| PRIVACY_URL            | String(Url)        | /privacy             | The link to a privacy page for the system (Defaults to the frontend's privacy page)                            |
+
+
 ## Recommended Editor
 
 [Visual Studio Code](https://code.visualstudio.com/)
 
 ### Recommended Extensions
 
-- will be automatically recommended via ./vscode/extensions.json
+* will be automatically recommended via ./vscode/extensions.json
 
-## Branches
-- main: Protected "release" branch
-- dev: Current dev branch for merging the different features - only push for merges or minor changes!
-- feature/xyz: Feature branches - `feature/issueid-title`
-- bugfix/xyz: Branches for bugfixes - `bugfix/issueid-title` (no id for readme changes needed)
-
-
-## File Structure
-
-- src/models/entities\* - database models (typeorm entities)
-- src/models/actions\* - actions models
-- src/models/responses\* - response models
-- src/controllers/\* - routing-controllers
-- src/loaders/\* - loaders for the different init steps of the api server
-- src/middlewares/\* - express middlewares (mainly auth r/n)
-- src/errors/* - our custom (http) errors
-- src/routes/\* - express routes for everything we don't do via routing-controllers (depreciated)
+## Staging
+### Branches & Tags
+* vX.Y.Z: Release tags created from the main branch
+   * The version numbers follow the semver standard
+   * A new release tag automaticly triggers the release ci pipeline
+* main: Protected "release" branch
+   * The latest tag of the docker image get's build from this
+* dev: Current dev branch for merging the different feature branches and bugfixes
+   * New releases get created as tags from this   
+   * The dev tag of the docker image get's build from this
+   * Only push minor changes to this branch!
+   * To merge a feature branch into this please create a pull request
+* feature/xyz: Feature branches - naming scheme: `feature/issueid-title`
+* bugfix/xyz: Branches for bugfixes - naming scheme:`bugfix/issueid-title`

docker-compose.yml

@@ -1,4 +1,3 @@
-version: "3"
 services:
   backend_server:
     build: .
@@ -11,8 +10,12 @@ services:
       DB_PORT: bla
       DB_USER: bla
       DB_PASSWORD: bla
-      DB_NAME: dev.sqlite
+      DB_NAME: ./db.sqlite
       NODE_ENV: production
+      POSTALCODE_COUNTRYCODE: DE
+      SEED_TEST_DATA: "true"
+      MAILER_URL: https://dev.lauf-fuer-kaya.de/mailer
+      MAILER_KEY: asdasd
       # APP_PORT: 4010
       # DB_TYPE: postgres
       # DB_HOST: backend_db

licenses.md

@@ -1,12 +1,12 @@
-# argon2
-**Author**: Ranieri Althoff <ranisalt+argon2@gmail.com>
+# @node-rs/argon2
+**Author**: undefined
 **Repo**: [object Object]
 **License**: MIT
-**Description**: An Argon2 library for Node
+**Description**: RustCrypto: Argon2 binding for Node.js
 ## License Text
-The MIT License (MIT)
+MIT License
 
-Copyright (c) 2015 Ranieri Althoff
+Copyright (c) 2020-present LongYinan
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -25,7 +25,62 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+ 
 
+# @odit/class-validator-jsonschema
+**Author**: Aleksi Pekkala <aleksipekkala@gmail.com>
+**Repo**: git@github.com:epiphone/class-validator-jsonschema.git
+**License**: MIT
+**Description**: Convert class-validator-decorated classes into JSON schema
+## License Text
+MIT License
+
+Copyright (c) 2017 Aleksi Pekkala
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
+# axios
+**Author**: Matt Zabriskie
+**Repo**: [object Object]
+**License**: MIT
+**Description**: Promise based HTTP client for the browser and node.js
+## License Text
+Copyright (c) 2014-present Matt Zabriskie
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
  
 
 # body-parser
@@ -59,6 +114,35 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  
 
+# check-password-strength
+**Author**: deanilvincent
+**Repo**: [object Object]
+**License**: MIT
+**Description**: A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Weak", "Medium" or "Strong"
+## License Text
+MIT License
+
+Copyright (c) 2020 Mark Deanil Vicente
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # class-transformer
 **Author**: [object Object]
 **Repo**: [object Object]
@@ -88,22 +172,15 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE. 
 
 # class-validator
-**Author**: [object Object]
+**Author**: TypeStack contributors
 **Repo**: [object Object]
 **License**: MIT
-**Description**: Class-based validation with Typescript / ES6 / ES5 using decorators or validation schemas. Supports both node.js and browser
+**Description**: Decorator-based property validation for classes.
 ## License Text
- 
 
-# class-validator-jsonschema
-**Author**: Aleksi Pekkala <aleksipekkala@gmail.com>
-**Repo**: git@github.com:epiphone/class-validator-jsonschema.git
-**License**: MIT
-**Description**: Convert class-validator-decorated classes into JSON schema
-## License Text
-MIT License
+The MIT License
 
-Copyright (c) 2017 Aleksi Pekkala
+Copyright (c) 2015-2020 TypeStack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -112,17 +189,16 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
- 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE. 
 
 # consola
 **Author**: undefined
@@ -332,12 +408,60 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
+# libphonenumber-js
+**Author**: catamphetamine <purecatamphetamine@gmail.com>
+**Repo**: [object Object]
+**License**: MIT
+**Description**: A simpler (and smaller) rewrite of Google Android's libphonenumber library in javascript
+## License Text
+(The MIT License)
+
+Copyright (c) 2016 @catamphetamine <purecatamphetamine@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+
 # mysql
 **Author**: Felix Geisendörfer <felix@debuggable.com> (http://debuggable.com/)
 **Repo**: mysqljs/mysql
 **License**: MIT
 **Description**: A node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed.
 ## License Text
+Copyright (c) 2012 Felix Geisendörfer (felix@debuggable.com) and contributors
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
  
 
 # pg
@@ -590,11 +714,80 @@ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  
 
+# @faker-js/faker
+**Author**: undefined
+**Repo**: [object Object]
+**License**: MIT
+**Description**: Generate massive amounts of fake contextual data
+## License Text
+Faker - Copyright (c) 2022
+
+This software consists of voluntary contributions made by many individuals.
+For exact contribution history, see the revision history
+available at https://github.com/faker-js/faker
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+===
+
+From: https://github.com/faker-js/faker/commit/a9f98046c7d5eeaabe12fc587024c06d683800b8
+To: https://github.com/faker-js/faker/commit/29234378807c4141588861f69421bf20b5ac635e
+
+Based on faker.js, copyright Marak Squires and contributor, what follows below is the original license.
+
+===
+
+faker.js - Copyright (c) 2020
+Marak Squires
+http://github.com/marak/faker.js/
+
+faker.js was inspired by and has used data definitions from:
+
+ * https://github.com/stympy/faker/ - Copyright (c) 2007-2010 Benjamin Curtis
+ * http://search.cpan.org/~jasonk/Data-Faker-0.07/ - Copyright 2004-2005 by Jason Kohles
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ 
+
 # @odit/license-exporter
 **Author**: ODIT.Services
 **Repo**: [object Object]
 **License**: MIT
-**Description**: A simple license crawler
+**Description**: A simple license crawler for crediting open source work
 ## License Text
 MIT License Copyright (c) 2020 ODIT.Services (info@odit.services)
 
@@ -820,13 +1013,15 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
     SOFTWARE
  
 
-# axios
-**Author**: Matt Zabriskie
+# auto-changelog
+**Author**: Pete Cook <pete@cookpete.com> (https://github.com/cookpete)
 **Repo**: [object Object]
 **License**: MIT
-**Description**: Promise based HTTP client for the browser and node.js
+**Description**: Command line tool for generating a changelog from git tags and commit history
 ## License Text
-Copyright (c) 2014-present Matt Zabriskie
+The MIT License
+
+Copyright (c) 2017 Pete Cook https://cookpete.com
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -934,6 +1129,35 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
+# release-it
+**Author**: [object Object]
+**Repo**: [object Object]
+**License**: MIT
+**Description**: Generic CLI tool to automate versioning and package publishing related tasks.
+## License Text
+MIT License
+
+Copyright (c) 2018 Lars Kappert
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # rimraf
 **Author**: Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)
 **Repo**: git://github.com/isaacs/rimraf.git

package.json

@@ -1,103 +1,114 @@
-{
-  "name": "@odit/lfk-backend",
-  "version": "0.2.0",
-  "main": "src/app.ts",
-  "repository": "https://git.odit.services/lfk/backend",
-  "author": {
-    "name": "ODIT.Services",
-    "email": "info@odit.services",
-    "url": "https://odit.services"
-  },
-  "contributors": [
-    {
-      "name": "Philipp Dormann",
-      "email": "philipp@philippdormann.de",
-      "url": "https://philippdormann.de"
-    },
-    {
-      "name": "Nicolai Ort",
-      "email": "info@nicolai-ort.com",
-      "url": "https://nicolai-ort.com"
-    }
-  ],
-  "license": "CC-BY-NC-SA-4.0",
-  "dependencies": {
-    "@odit/class-validator-jsonschema": "2.1.1",
-    "argon2": "^0.27.1",
-    "body-parser": "^1.19.0",
-    "class-transformer": "0.3.1",
-    "class-validator": "^0.13.1",
-    "consola": "^2.15.0",
-    "cookie": "^0.4.1",
-    "cookie-parser": "^1.4.5",
-    "cors": "^2.8.5",
-    "csvtojson": "^2.0.10",
-    "dotenv": "^8.2.0",
-    "express": "^4.17.1",
-    "jsonwebtoken": "^8.5.1",
-    "libphonenumber-js": "^1.9.7",
-    "mysql": "^2.18.1",
-    "pg": "^8.5.1",
-    "reflect-metadata": "^0.1.13",
-    "routing-controllers": "^0.9.0-alpha.6",
-    "routing-controllers-openapi": "^2.2.0",
-    "sqlite3": "5.0.0",
-    "typeorm": "^0.2.29",
-    "typeorm-routing-controllers-extensions": "^0.2.0",
-    "typeorm-seeding": "^1.6.1",
-    "uuid": "^8.3.2",
-    "validator": "^13.5.2"
-  },
-  "devDependencies": {
-    "@odit/license-exporter": "^0.0.9",
-    "@types/cors": "^2.8.9",
-    "@types/csvtojson": "^1.1.5",
-    "@types/express": "^4.17.9",
-    "@types/jest": "^26.0.16",
-    "@types/jsonwebtoken": "^8.5.0",
-    "@types/node": "^14.14.20",
-    "@types/uuid": "^8.3.0",
-    "axios": "^0.21.1",
-    "cp-cli": "^2.0.0",
-    "jest": "^26.6.3",
-    "nodemon": "^2.0.7",
-    "release-it": "^14.2.2",
-    "rimraf": "^3.0.2",
-    "start-server-and-test": "^1.11.7",
-    "ts-jest": "^26.4.4",
-    "ts-node": "^9.1.1",
-    "typedoc": "^0.20.14",
-    "typescript": "^4.1.3"
-  },
-  "scripts": {
-    "dev": "nodemon src/app.ts",
-    "build": "rimraf ./dist && tsc && cp-cli ./src/static ./dist/static",
-    "docs": "typedoc --out docs src",
-    "test": "jest",
-    "test:watch": "jest --watchAll",
-    "test:ci": "start-server-and-test dev http://localhost:4010/api/docs/openapi.json test",
-    "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
-    "openapi:export": "ts-node scripts/openapi_export.ts",
-    "licenses:export": "license-exporter --md",
-    "release": "release-it --only-version"
-  },
-  "release-it": {
-    "git": {
-      "commit": true,
-      "requireCleanWorkingDir": false,
-      "commitMessage": "🚀Bumped version to v${version}",
-      "requireBranch": "dev",
-      "push": false,
-      "tag": false
-    },
-    "npm": {
-      "publish": false
-    }
-  },
-  "nodemonConfig": {
-    "ignore": [
-      "src/tests/*",
-      "docs/*"
-    ]
-  }
-}
+{
+  "name": "@odit/lfk-backend",
+  "version": "1.4.2",
+  "main": "src/app.ts",
+  "repository": "https://git.odit.services/lfk/backend",
+  "author": {
+    "name": "ODIT.Services",
+    "email": "info@odit.services",
+    "url": "https://odit.services"
+  },
+  "contributors": [
+    {
+      "name": "Philipp Dormann",
+      "email": "philipp@philippdormann.de",
+      "url": "https://philippdormann.de"
+    },
+    {
+      "name": "Nicolai Ort",
+      "email": "info@nicolai-ort.com",
+      "url": "https://nicolai-ort.com"
+    }
+  ],
+  "license": "CC-BY-NC-SA-4.0",
+  "dependencies": {
+    "@node-rs/argon2": "^2.0.2",
+    "@odit/class-validator-jsonschema": "2.1.1",
+    "axios": "0.21.1",
+    "body-parser": "1.19.0",
+    "check-password-strength": "2.0.2",
+    "class-transformer": "0.3.1",
+    "class-validator": "0.13.0",
+    "consola": "2.15.0",
+    "cookie": "0.4.1",
+    "cookie-parser": "1.4.5",
+    "cors": "2.8.5",
+    "csvtojson": "2.0.10",
+    "dotenv": "8.2.0",
+    "express": "4.17.1",
+    "jsonwebtoken": "8.5.1",
+    "libphonenumber-js": "1.9.9",
+    "mysql": "2.18.1",
+    "pg": "8.5.1",
+    "reflect-metadata": "0.1.13",
+    "routing-controllers": "0.9.0-alpha.6",
+    "routing-controllers-openapi": "2.2.0",
+    "sqlite3": "5.1.7",
+    "typeorm": "0.2.30",
+    "typeorm-routing-controllers-extensions": "0.2.0",
+    "typeorm-seeding": "1.6.1",
+    "uuid": "8.3.2",
+    "validator": "13.5.2"
+  },
+  "devDependencies": {
+    "@faker-js/faker": "7.6.0",
+    "@odit/license-exporter": "0.0.9",
+    "@types/cors": "2.8.9",
+    "@types/csvtojson": "1.1.5",
+    "@types/express": "4.17.11",
+    "@types/jest": "26.0.20",
+    "@types/jsonwebtoken": "8.5.0",
+    "@types/node": "14.14.22",
+    "@types/uuid": "8.3.0",
+    "auto-changelog": "2.4.0",
+    "cp-cli": "2.0.0",
+    "jest": "26.6.3",
+    "nodemon": "2.0.7",
+    "release-it": "14.2.2",
+    "rimraf": "3.0.2",
+    "start-server-and-test": "1.11.7",
+    "ts-jest": "26.5.0",
+    "ts-node": "9.1.1",
+    "typedoc": "0.20.19",
+    "typescript": "4.1.3"
+  },
+  "scripts": {
+    "dev": "nodemon src/app.ts",
+    "build": "rimraf ./dist && tsc && cp-cli ./src/static ./dist/static",
+    "docs": "typedoc --out docs src",
+    "test": "jest",
+    "test:watch": "jest --watchAll",
+    "test:ci:generate_env": "ts-node scripts/create_testenv.ts",
+    "test:ci:run": "start-server-and-test dev http://localhost:4010/api/docs/openapi.json test",
+    "test:ci": "npm run test:ci:generate_env && npm run test:ci:run",
+    "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
+    "openapi:export": "ts-node scripts/openapi_export.ts",
+    "licenses:export": "license-exporter --markdown",
+    "changelog:export": "auto-changelog --commit-limit false -p -u --hide-credit",
+    "release": "release-it --only-version"
+  },
+  "release-it": {
+    "git": {
+      "commit": true,
+      "requireCleanWorkingDir": false,
+      "commitMessage": "chore(release): ${version}",
+      "requireBranch": "dev",
+      "push": true,
+      "tag": true,
+      "tagName": "${version}",
+      "tagAnnotation": "${version}"
+    },
+    "npm": {
+      "publish": false
+    },
+    "hooks": {
+      "after:bump": "npm run changelog:export && npm run licenses:export && git add CHANGELOG.md && git add licenses.md"
+    }
+  },
+  "nodemonConfig": {
+    "ignore": [
+      "src/tests/*",
+      "docs/*"
+    ]
+  }
+}

pnpm-workspace.yaml

@@ -0,0 +1,2 @@
+onlyBuiltDependencies:
+  - sqlite3

scripts/create_testenv.ts

@@ -0,0 +1,24 @@
+import consola from "consola";
+import fs from "fs";
+
+
+const env = `
+APP_PORT=4010
+DB_TYPE=sqlite
+DB_HOST=bla
+DB_PORT=bla
+DB_USER=bla
+DB_PASSWORD=bla
+DB_NAME=./test.sqlite
+NODE_ENV=test
+POSTALCODE_COUNTRYCODE=DE
+SEED_TEST_DATA=true
+MAILER_URL=https://dev.lauf-fuer-kaya.de/mailer
+MAILER_KEY=asdasd`;
+
+try {
+    fs.writeFileSync("./.env", env, { encoding: "utf-8" });
+    consola.success("Exported ci env to .env");
+} catch (error) {
+    consola.error("Couldn't export the ci env");
+}

src/apispec.ts

@@ -42,7 +42,7 @@ export function generateSpec(storage: MetadataArgsStorage, schemas) {
                 }
             },
             info: {
-                description: "The the backend API for the LfK! runner system.",
+                description: `The the backend API for the LfK! runner system. <br>[Imprint](${config.imprint_url}) & [Privacy](${config.privacy_url})`,
                 title: "LfK! Backend API",
                 version: config.version
             },

src/app.ts

@@ -20,6 +20,9 @@ const app = createExpressServer({
 
 async function main() {
   await loaders(app);
+  if (config.testing) {
+    consola.info("🛠[config]: Discovered testing env. Mailing errors will get ignored!")
+  }
   app.listen(config.internal_port, () => {
     consola.success(
       `⚡️[server]: Server is running at http://localhost:${config.internal_port}`

src/config.ts

@@ -1,3 +1,4 @@
+import consola from 'consola';
 import { config as configDotenv } from 'dotenv';
 import { CountryCode } from 'libphonenumber-js';
 import ValidatorJS from 'validator';
@@ -6,18 +7,31 @@ configDotenv();
 export const config = {
     internal_port: parseInt(process.env.APP_PORT) || 4010,
     development: process.env.NODE_ENV === "production",
+    testing: process.env.NODE_ENV === "test",
     jwt_secret: process.env.JWT_SECRET || "secretjwtsecret",
     phone_validation_countrycode: getPhoneCodeLocale(),
     postalcode_validation_countrycode: getPostalCodeLocale(),
-    version: process.env.VERSION || require('../package.json').version
+    version: process.env.VERSION || require('../package.json').version,
+    seedTestData: getDataSeeding(),
+    app_url: process.env.APP_URL || "http://localhost:8080",
+    privacy_url: process.env.PRIVACY_URL || "/privacy",
+    imprint_url: process.env.IMPRINT_URL || "/imprint",
+    mailer_url: process.env.MAILER_URL || "",
+    mailer_key: process.env.MAILER_KEY || ""
 }
 let errors = 0
 if (typeof config.internal_port !== "number") {
+    consola.error("Error: APP_PORT is not a number")
     errors++
 }
 if (typeof config.development !== "boolean") {
+    consola.error("Error: NODE_ENV is not a boolean")
     errors++
 }
+if (config.mailer_url == "" || config.mailer_key == "") {
+    consola.error("Error: invalid mailer config")
+    errors++;
+}
 function getPhoneCodeLocale(): CountryCode {
     return (process.env.PHONE_COUNTRYCODE as CountryCode);
 }
@@ -30,4 +44,11 @@ function getPostalCodeLocale(): any {
         return null;
     }
 }
+function getDataSeeding(): Boolean {
+    try {
+        return JSON.parse(process.env.SEED_TEST_DATA);
+    } catch (error) {
+        return false;
+    }
+}
 export let e = errors

src/controllers/AuthController.ts

@@ -1,103 +1,106 @@
-import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
-import { UserNotFoundError } from '../errors/UserErrors';
-import { CreateAuth } from '../models/actions/create/CreateAuth';
-import { CreateResetToken } from '../models/actions/create/CreateResetToken';
-import { HandleLogout } from '../models/actions/HandleLogout';
-import { RefreshAuth } from '../models/actions/RefreshAuth';
-import { ResetPassword } from '../models/actions/ResetPassword';
-import { ResponseAuth } from '../models/responses/ResponseAuth';
-import { Logout } from '../models/responses/ResponseLogout';
-
-@JsonController('/auth')
-export class AuthController {
-	constructor() {
-	}
-
-	@Post("/login")
-	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
-	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
-		let auth;
-		try {
-			auth = await createAuth.toAuth();
-			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			return response.send(auth)
-		} catch (error) {
-			throw error;
-		}
-	}
-
-	@Post("/logout")
-	@ResponseSchema(Logout)
-	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
-	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
-		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
-			handleLogout.token = refresh_token;
-		}
-
-		let logout;
-		try {
-			logout = await handleLogout.logout()
-			await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
-		} catch (error) {
-			throw error;
-		}
-		return response.send(logout)
-	}
-
-	@Post("/refresh")
-	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(JwtNotProvidedError)
-	@ResponseSchema(IllegalJWTError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(RefreshTokenCountInvalidError)
-	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
-	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
-		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
-			refreshAuth.token = refresh_token;
-		}
-		let auth;
-		try {
-			auth = await refreshAuth.toAuth();
-			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-		} catch (error) {
-			throw error;
-		}
-		return response.send(auth)
-	}
-
-	@Post("/reset")
-	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
-	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
-		//This really shouldn't just get returned, but sent via mail or sth like that. But for dev only this is fine.
-		return { "resetToken": await passwordReset.toResetToken() };
-	}
-
-	@Post("/reset/:token")
-	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
-	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
-		passwordReset.resetToken = token;
-		return await passwordReset.resetPassword();
-	}
-}
+import { Body, CookieParam, JsonController, Param, Post, QueryParam, Req, Res } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
+import { MailSendingError } from '../errors/MailErrors';
+import { UserNotFoundError } from '../errors/UserErrors';
+import { Mailer } from '../mailer';
+import { CreateAuth } from '../models/actions/create/CreateAuth';
+import { CreateResetToken } from '../models/actions/create/CreateResetToken';
+import { HandleLogout } from '../models/actions/HandleLogout';
+import { RefreshAuth } from '../models/actions/RefreshAuth';
+import { ResetPassword } from '../models/actions/ResetPassword';
+import { ResponseAuth } from '../models/responses/ResponseAuth';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { Logout } from '../models/responses/ResponseLogout';
+
+@JsonController('/auth')
+export class AuthController {
+
+	@Post("/login")
+	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(InvalidCredentialsError)
+	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
+	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
+		let auth;
+		try {
+			auth = await createAuth.toAuth();
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			return response.send(auth)
+		} catch (error) {
+			throw error;
+		}
+	}
+
+	@Post("/logout")
+	@ResponseSchema(Logout)
+	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(InvalidCredentialsError)
+	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
+	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
+		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
+			handleLogout.token = refresh_token;
+		}
+
+		let logout;
+		try {
+			logout = await handleLogout.logout()
+			await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
+		} catch (error) {
+			throw error;
+		}
+		return response.send(logout)
+	}
+
+	@Post("/refresh")
+	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(JwtNotProvidedError)
+	@ResponseSchema(IllegalJWTError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(RefreshTokenCountInvalidError)
+	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
+	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
+		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
+			refreshAuth.token = refresh_token;
+		}
+		let auth;
+		try {
+			auth = await refreshAuth.toAuth();
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+		} catch (error) {
+			throw error;
+		}
+		return response.send(auth)
+	}
+
+	@Post("/reset")
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
+	@ResponseSchema(UsernameOrEmailNeededError, { statusCode: 406 })
+	@ResponseSchema(MailSendingError, { statusCode: 500 })
+	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
+	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken, @QueryParam("locale") locale: string = "en") {
+		const reset_token: string = await passwordReset.toResetToken();
+		await Mailer.sendResetMail(passwordReset.email, reset_token, locale);
+		return new ResponseEmpty();
+	}
+
+	@Post("/reset/:token")
+	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
+	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
+		passwordReset.resetToken = token;
+		return await passwordReset.resetPassword();
+	}
+}

src/controllers/DonationController.ts

@@ -1,9 +1,10 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { DonationIdsNotMatchingError, DonationNotFoundError } from '../errors/DonationErrors';
 import { DonorNotFoundError } from '../errors/DonorErrors';
 import { RunnerNotFoundError } from '../errors/RunnerErrors';
+import { CreateAnonymousDonation } from '../models/actions/create/CreateAnonymousDonation';
 import { CreateDistanceDonation } from '../models/actions/create/CreateDistanceDonation';
 import { CreateFixedDonation } from '../models/actions/create/CreateFixedDonation';
 import { UpdateDistanceDonation } from '../models/actions/update/UpdateDistanceDonation';
@@ -11,6 +12,7 @@ import { UpdateFixedDonation } from '../models/actions/update/UpdateFixedDonatio
 import { DistanceDonation } from '../models/entities/DistanceDonation';
 import { Donation } from '../models/entities/Donation';
 import { FixedDonation } from '../models/entities/FixedDonation';
+import { ResponseAnonymousDonation } from '../models/responses/ResponseAnonymousDonation';
 import { ResponseDistanceDonation } from '../models/responses/ResponseDistanceDonation';
 import { ResponseDonation } from '../models/responses/ResponseDonation';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
@@ -35,10 +37,18 @@ export class DonationController {
 	@Authorized("DONATION:GET")
 	@ResponseSchema(ResponseDonation, { isArray: true })
 	@ResponseSchema(ResponseDistanceDonation, { isArray: true })
+	@ResponseSchema(ResponseAnonymousDonation, { isArray: true })
 	@OpenAPI({ description: 'Lists all donations (fixed or distance based) from all donors. <br> This includes the donations\'s runner\'s distance ran(if distance donation).' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseDonations: ResponseDonation[] = new Array<ResponseDonation>();
-		const donations = await this.donationRepository.find({ relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] });
+		let donations: Array<Donation>;
+
+		if (page != undefined) {
+			donations = await this.donationRepository.find({ relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'], skip: page * page_size, take: page_size });
+		} else {
+			donations = await this.donationRepository.find({ relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] });
+		}
+
 		donations.forEach(donation => {
 			responseDonations.push(donation.toResponse());
 		});
@@ -49,6 +59,7 @@ export class DonationController {
 	@Authorized("DONATION:GET")
 	@ResponseSchema(ResponseDonation)
 	@ResponseSchema(ResponseDistanceDonation)
+	@ResponseSchema(ResponseAnonymousDonation)
 	@ResponseSchema(DonationNotFoundError, { statusCode: 404 })
 	@OnUndefined(DonationNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the donation whose id got provided. This includes the donation\'s runner\'s distance ran (if distance donation).' })
@@ -69,6 +80,17 @@ export class DonationController {
 		return (await this.donationRepository.findOne({ id: donation.id }, { relations: ['donor'] })).toResponse();
 	}
 
+	@Post('/anonymous')
+	@Authorized("DONATION:CREATE")
+	@ResponseSchema(ResponseDonation)
+	@ResponseSchema(DonorNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a anonymous donation' })
+	async postAnonymous(@Body({ validate: true }) createDonation: CreateAnonymousDonation) {
+		let donation = await createDonation.toEntity();
+		donation = await this.fixedDonationRepository.save(donation);
+		return (await this.donationRepository.findOne({ id: donation.id })).toResponse();
+	}
+
 	@Post('/distance')
 	@Authorized("DONATION:CREATE")
 	@ResponseSchema(ResponseDistanceDonation)
@@ -78,7 +100,7 @@ export class DonationController {
 	async postDistance(@Body({ validate: true }) createDonation: CreateDistanceDonation) {
 		let donation = await createDonation.toEntity();
 		donation = await this.distanceDonationRepository.save(donation);
-		return (await this.donationRepository.findOne({ id: donation.id }, { relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] })).toResponse();
+		return (await this.distanceDonationRepository.findOne({ id: donation.id }, { relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] })).toResponse();
 	}
 
 	@Put('/fixed/:id')
@@ -124,7 +146,7 @@ export class DonationController {
 		}
 
 		await this.distanceDonationRepository.save(await donation.update(oldDonation));
-		return (await this.donationRepository.findOne({ id: donation.id }, { relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] })).toResponse();
+		return (await this.distanceDonationRepository.findOne({ id: donation.id }, { relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] })).toResponse();
 	}
 
 	@Delete('/:id')

src/controllers/DonorController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { DonorHasDonationsError, DonorIdsNotMatchingError, DonorNotFoundError } from '../errors/DonorErrors';
 import { CreateDonor } from '../models/actions/create/CreateDonor';
 import { UpdateDonor } from '../models/actions/update/UpdateDonor';
@@ -25,9 +25,16 @@ export class DonorController {
 	@Authorized("DONOR:GET")
 	@ResponseSchema(ResponseDonor, { isArray: true })
 	@OpenAPI({ description: 'Lists all donor. <br> This includes the donor\'s current donation amount.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseDonors: ResponseDonor[] = new Array<ResponseDonor>();
-		const donors = await this.donorRepository.find({ relations: ['donations', 'donations.runner', 'donations.runner.scans', 'donations.runner.scans.track'] });
+		let donors: Array<Donor>;
+
+		if (page != undefined) {
+			donors = await this.donorRepository.find({ relations: ['donations', 'donations.runner', 'donations.runner.scans', 'donations.runner.scans.track'], skip: page * page_size, take: page_size });
+		} else {
+			donors = await this.donorRepository.find({ relations: ['donations', 'donations.runner', 'donations.runner.scans', 'donations.runner.scans.track'] });
+		}
+
 		donors.forEach(donor => {
 			responseDonors.push(new ResponseDonor(donor));
 		});

src/controllers/GroupContactController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnection, getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnection, getConnectionManager } from 'typeorm';
 import { GroupContactIdsNotMatchingError, GroupContactNotFoundError } from '../errors/GroupContactErrors';
 import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
 import { CreateGroupContact } from '../models/actions/create/CreateGroupContact';
@@ -26,9 +26,16 @@ export class GroupContactController {
 	@Authorized("CONTACT:GET")
 	@ResponseSchema(ResponseGroupContact, { isArray: true })
 	@OpenAPI({ description: 'Lists all contacts. <br> This includes the contact\'s associated groups.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseContacts: ResponseGroupContact[] = new Array<ResponseGroupContact>();
-		const contacts = await this.contactRepository.find({ relations: ['groups'] });
+		let contacts: Array<GroupContact>;
+
+		if (page != undefined) {
+			contacts = await this.contactRepository.find({ relations: ['groups', 'groups.parentGroup'], skip: page * page_size, take: page_size });
+		} else {
+			contacts = await this.contactRepository.find({ relations: ['groups', 'groups.parentGroup'] });
+		}
+
 		contacts.forEach(contact => {
 			responseContacts.push(contact.toResponse());
 		});
@@ -42,7 +49,7 @@ export class GroupContactController {
 	@OnUndefined(GroupContactNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the contact whose id got provided. <br> This includes the contact\'s associated groups.' })
 	async getOne(@Param('id') id: number) {
-		let contact = await this.contactRepository.findOne({ id: id }, { relations: ['groups'] })
+		let contact = await this.contactRepository.findOne({ id: id }, { relations: ['groups', 'groups.parentGroup'] })
 		if (!contact) { throw new GroupContactNotFoundError(); }
 		return contact.toResponse();
 	}
@@ -61,7 +68,7 @@ export class GroupContactController {
 		}
 
 		contact = await this.contactRepository.save(contact)
-		return (await this.contactRepository.findOne({ id: contact.id }, { relations: ['groups'] })).toResponse();
+		return (await this.contactRepository.findOne({ id: contact.id }, { relations: ['groups', 'groups.parentGroup'] })).toResponse();
 	}
 
 	@Put('/:id')
@@ -83,7 +90,7 @@ export class GroupContactController {
 		}
 
 		await this.contactRepository.save(await contact.update(oldContact));
-		return (await this.contactRepository.findOne({ id: contact.id }, { relations: ['groups'] })).toResponse();
+		return (await this.contactRepository.findOne({ id: contact.id }, { relations: ['groups', 'groups.parentGroup'] })).toResponse();
 	}
 
 	@Delete('/:id')
@@ -95,7 +102,7 @@ export class GroupContactController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let contact = await this.contactRepository.findOne({ id: id });
 		if (!contact) { return null; }
-		const responseContact = await this.contactRepository.findOne(contact, { relations: ['groups'] });
+		const responseContact = await this.contactRepository.findOne(contact, { relations: ['groups', 'groups.parentGroup'] });
 		for (let group of responseContact.groups) {
 			group.contact = null;
 			await getConnection().getRepository(RunnerGroup).save(group);

src/controllers/ImportController.ts

@@ -36,7 +36,7 @@ export class ImportController {
         return responseRunners;
     }
 
-    @Post('/organisations/:id/import')
+    @Post('/organizations/:id/import')
     @ContentType("application/json")
     @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
     @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
@@ -78,7 +78,7 @@ export class ImportController {
         return await this.postJSON(importRunners, groupID);
     }
 
-    @Post('/organisations/:id/import/csv')
+    @Post('/organizations/:id/import/csv')
     @ContentType("application/json")
     @UseBefore(RawBodyMiddleware)
     @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })

src/controllers/MeController.ts

@@ -1,7 +1,7 @@
 import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
 import { User } from '../models/entities/User';
 import { ResponseUser } from '../models/responses/ResponseUser';
@@ -32,7 +32,7 @@ export class MeController {
 		return new ResponseUser(user);
 	}
 
-	@Get('/')
+	@Get('/permissions')
 	@ResponseSchema(ResponseUserPermissions)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserNotFoundError)
@@ -48,6 +48,10 @@ export class MeController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
 	async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });

src/controllers/PermissionController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { PermissionIdsNotMatchingError, PermissionNeedsPrincipalError, PermissionNotFoundError } from '../errors/PermissionErrors';
 import { PrincipalNotFoundError } from '../errors/PrincipalErrors';
 import { CreatePermission } from '../models/actions/create/CreatePermission';
@@ -27,9 +27,16 @@ export class PermissionController {
     @Authorized("PERMISSION:GET")
     @ResponseSchema(ResponsePermission, { isArray: true })
     @OpenAPI({ description: 'Lists all permissions for all users and groups.' })
-    async getAll() {
+    async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
         let responsePermissions: ResponsePermission[] = new Array<ResponsePermission>();
-        const permissions = await this.permissionRepository.find({ relations: ['principal'] });
+        let permissions: Array<Permission>;
+
+        if (page != undefined) {
+            permissions = await this.permissionRepository.find({ relations: ['principal'], skip: page * page_size, take: page_size });
+        } else {
+            permissions = await this.permissionRepository.find({ relations: ['principal'] });
+        }
+
         permissions.forEach(permission => {
             responsePermissions.push(new ResponsePermission(permission));
         });

src/controllers/RunnerCardController.ts

@@ -1,106 +1,161 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { RunnerCardHasScansError, RunnerCardIdsNotMatchingError, RunnerCardNotFoundError } from '../errors/RunnerCardErrors';
-import { RunnerNotFoundError } from '../errors/RunnerErrors';
-import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
-import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
-import { RunnerCard } from '../models/entities/RunnerCard';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
-import { ScanController } from './ScanController';
-
-@JsonController('/cards')
-@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-export class RunnerCardController {
-	private cardRepository: Repository<RunnerCard>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
-	}
-
-	@Get()
-	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard, { isArray: true })
-	@OpenAPI({ description: 'Lists all card.' })
-	async getAll() {
-		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
-		const cards = await this.cardRepository.find({ relations: ['runner'] });
-		cards.forEach(card => {
-			responseCards.push(new ResponseRunnerCard(card));
-		});
-		return responseCards;
-	}
-
-	@Get('/:id')
-	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerCardNotFoundError)
-	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
-	async getOne(@Param('id') id: number) {
-		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner'] });
-		if (!card) { throw new RunnerCardNotFoundError(); }
-		return card.toResponse();
-	}
-
-	@Post()
-	@Authorized("CARD:CREATE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
-	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
-		let card = await createCard.toEntity();
-		card = await this.cardRepository.save(card);
-		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner'] })).toResponse();
-	}
-
-	@Put('/:id')
-	@Authorized("CARD:UPDATE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
-	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
-		let oldCard = await this.cardRepository.findOne({ id: id });
-
-		if (!oldCard) {
-			throw new RunnerCardNotFoundError();
-		}
-
-		if (oldCard.id != card.id) {
-			throw new RunnerCardIdsNotMatchingError();
-		}
-
-		await this.cardRepository.save(await card.update(oldCard));
-		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner'] })).toResponse();
-	}
-
-	@Delete('/:id')
-	@Authorized("CARD:DELETE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
-	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
-	@OnUndefined(204)
-	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
-	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		let card = await this.cardRepository.findOne({ id: id });
-		if (!card) { return null; }
-
-		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
-		if (cardScans.length != 0 && !force) {
-			throw new RunnerCardHasScansError();
-		}
-		const scanController = new ScanController;
-		for (let scan of cardScans) {
-			await scanController.remove(scan.id, force);
-		}
-
-		await this.cardRepository.delete(card);
-		return card.toResponse();
-	}
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { Repository, getConnectionManager } from 'typeorm';
+import { RunnerCardHasScansError, RunnerCardIdsNotMatchingError, RunnerCardNotFoundError } from '../errors/RunnerCardErrors';
+import { RunnerNotFoundError } from '../errors/RunnerErrors';
+import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
+import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
+import { UpdateRunnerCardByCode } from '../models/actions/update/UpdateRunnerCardByCode';
+import { RunnerCard } from '../models/entities/RunnerCard';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
+import { ScanController } from './ScanController';
+
+@JsonController('/cards')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class RunnerCardController {
+	private cardRepository: Repository<RunnerCard>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
+	}
+
+	@Get()
+	@Authorized("CARD:GET")
+	@ResponseSchema(ResponseRunnerCard, { isArray: true })
+	@OpenAPI({ description: 'Lists all card.' })
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
+		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+		let cards: Array<RunnerCard>;
+
+		if (page != undefined) {
+			cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'], skip: page * page_size, take: page_size });
+		} else {
+			cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
+		}
+
+		cards.forEach(card => {
+			responseCards.push(new ResponseRunnerCard(card));
+		});
+		return responseCards;
+	}
+
+	@Get('/:id')
+	@Authorized("CARD:GET")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerCardNotFoundError)
+	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
+	async getOne(@Param('id') id: number) {
+		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
+		if (!card) { throw new RunnerCardNotFoundError(); }
+		return card.toResponse();
+	}
+
+	@Post('/bulk')
+	@Authorized("CARD:CREATE")
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response. <br> You can provide the 'returnCards' query param if you want to receive the RESPONSERUNNERCARD objects in the response." })
+	async postBlancoBulk(@QueryParam("count") count: number, @QueryParam("returnCards") returnCards: boolean = false) {
+		let createPromises = new Array<any>();
+		for (let index = 0; index < count; index++) {
+			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
+		}
+
+		const cards = await Promise.all(createPromises);
+
+		if (returnCards) {
+			let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+			for await (let card of cards) {
+				let dbCard = await this.cardRepository.findOne({ id: card.id });
+				responseCards.push(new ResponseRunnerCard(dbCard));
+			}
+			return responseCards;
+		}
+		let response = new ResponseEmpty();
+		response.response = `Created ${count} new blanco cards.`
+		return response;
+	}
+
+	@Post()
+	@Authorized("CARD:CREATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
+	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
+		let card = await createCard.toEntity();
+		card = await this.cardRepository.save(card);
+		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
+	}
+
+	@Put('/:id')
+	@Authorized("CARD:UPDATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
+		let oldCard = await this.cardRepository.findOne({ id: id });
+
+		if (!oldCard) {
+			throw new RunnerCardNotFoundError();
+		}
+
+		if (oldCard.id != card.id) {
+			throw new RunnerCardIdsNotMatchingError();
+		}
+
+		await this.cardRepository.save(await card.update(oldCard));
+		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
+	}
+
+	@Put('/:code')
+	@Authorized("CARD:UPDATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the card whose code you provided." })
+	async putByCode(@Param('code') code: string, @Body({ validate: true }) card: UpdateRunnerCardByCode) {
+		let oldCard = await this.cardRepository.findOne({ code: code });
+
+		if (!oldCard) {
+			throw new RunnerCardNotFoundError();
+		}
+
+		if (oldCard.code != card.code) {
+			throw new RunnerCardIdsNotMatchingError();
+		}
+
+		await this.cardRepository.save(await card.update(oldCard));
+		return (await this.cardRepository.findOne({ code: code }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
+	}
+
+	@Delete('/:id')
+	@Authorized("CARD:DELETE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
+	@OnUndefined(204)
+	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let card = await this.cardRepository.findOne({ id: id });
+		if (!card) { return null; }
+
+		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
+		if (cardScans.length != 0 && !force) {
+			throw new RunnerCardHasScansError();
+		}
+		const scanController = new ScanController;
+		for (let scan of cardScans) {
+			await scanController.remove(scan.id, force);
+		}
+
+		await this.cardRepository.delete(card);
+		return card.toResponse();
+	}
 }

src/controllers/RunnerController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { RunnerGroupNeededError, RunnerHasDistanceDonationsError, RunnerIdsNotMatchingError, RunnerNotFoundError } from '../errors/RunnerErrors';
 import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
 import { CreateRunner } from '../models/actions/create/CreateRunner';
@@ -8,6 +8,8 @@ import { UpdateRunner } from '../models/actions/update/UpdateRunner';
 import { Runner } from '../models/entities/Runner';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseRunner } from '../models/responses/ResponseRunner';
+import { ResponseScan } from '../models/responses/ResponseScan';
+import { ResponseTrackScan } from '../models/responses/ResponseTrackScan';
 import { DonationController } from './DonationController';
 import { RunnerCardController } from './RunnerCardController';
 import { ScanController } from './ScanController';
@@ -28,11 +30,25 @@ export class RunnerController {
 	@Authorized("RUNNER:GET")
 	@ResponseSchema(ResponseRunner, { isArray: true })
 	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100, @QueryParam("created_via", { required: false }) created_via: string = "all", @QueryParam("selfservice_links", { required: false }) selfservice_links: boolean = false) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'scans.track', 'cards'] });
+		let runners: Array<Runner>;
+
+		console.log("call to RunnerController.getAll() with page: " + page + " and page_size: " + page_size + " and created_via: " + created_via + " and selfservice_links: " + selfservice_links);
+		if (page != undefined) {
+			runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track'], skip: page * page_size, take: page_size });
+		} else {
+			runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track'] });
+		}
+
 		runners.forEach(runner => {
-			responseRunners.push(new ResponseRunner(runner));
+			if (created_via === "all") {
+				responseRunners.push(new ResponseRunner(runner, selfservice_links));
+			} else {
+				if (runner.created_via === created_via) {
+					responseRunners.push(new ResponseRunner(runner, selfservice_links));
+				}
+			}
 		});
 		return responseRunners;
 	}
@@ -44,9 +60,34 @@ export class RunnerController {
 	@OnUndefined(RunnerNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] })
+		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] })
 		if (!runner) { throw new RunnerNotFoundError(); }
-		return new ResponseRunner(runner);
+		return new ResponseRunner(runner, true);
+	}
+
+	@Get('/:id/scans')
+	@Authorized(["RUNNER:GET", "SCAN:GET"])
+	@ResponseSchema(ResponseScan, { isArray: true })
+	@ResponseSchema(ResponseTrackScan, { isArray: true })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Lists all scans of the runner whose id got provided. <br> If you only want the valid scans just add the ?onlyValid=true query param.' })
+	async getScans(@Param('id') id: number, onlyValid?: boolean) {
+		let responseScans: ResponseScan[] = new Array<ResponseScan>();
+		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'scans.track', 'scans.station', 'scans.runner'] })
+		if (!runner) { throw new RunnerNotFoundError(); }
+
+		if (!onlyValid) {
+			for (let scan of runner.scans) {
+				responseScans.push(scan.toResponse());
+			}
+		}
+		else {
+			for (let scan of runner.validScans) {
+				responseScans.push(scan.toResponse());
+			}
+		}
+
+		return responseScans;
 	}
 
 	@Post()
@@ -64,7 +105,7 @@ export class RunnerController {
 		}
 
 		runner = await this.runnerRepository.save(runner)
-		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }), true);
 	}
 
 	@Put('/:id')
@@ -85,7 +126,7 @@ export class RunnerController {
 		}
 
 		await this.runnerRepository.save(await runner.update(oldRunner));
-		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }), true);
 	}
 
 	@Delete('/:id')
@@ -98,7 +139,7 @@ export class RunnerController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let runner = await this.runnerRepository.findOne({ id: id });
 		if (!runner) { return null; }
-		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] });
+		const responseRunner = await this.runnerRepository.findOne(runner);
 
 		if (!runner) {
 			throw new RunnerNotFoundError();

src/controllers/RunnerOrganisationController.ts

@@ -1,127 +0,0 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { RunnerOrganisationHasRunnersError, RunnerOrganisationHasTeamsError, RunnerOrganisationIdsNotMatchingError, RunnerOrganisationNotFoundError } from '../errors/RunnerOrganisationErrors';
-import { CreateRunnerOrganisation } from '../models/actions/create/CreateRunnerOrganisation';
-import { UpdateRunnerOrganisation } from '../models/actions/update/UpdateRunnerOrganisation';
-import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseRunnerOrganisation } from '../models/responses/ResponseRunnerOrganisation';
-import { RunnerController } from './RunnerController';
-import { RunnerTeamController } from './RunnerTeamController';
-
-
-@JsonController('/organisations')
-@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-export class RunnerOrganisationController {
-	private runnerOrganisationRepository: Repository<RunnerOrganisation>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.runnerOrganisationRepository = getConnectionManager().get().getRepository(RunnerOrganisation);
-	}
-
-	@Get()
-	@Authorized("ORGANISATION:GET")
-	@ResponseSchema(ResponseRunnerOrganisation, { isArray: true })
-	@OpenAPI({ description: 'Lists all organisations. <br> This includes their address, contact and teams (if existing/associated).' })
-	async getAll() {
-		let responseTeams: ResponseRunnerOrganisation[] = new Array<ResponseRunnerOrganisation>();
-		const runners = await this.runnerOrganisationRepository.find({ relations: ['contact', 'teams'] });
-		runners.forEach(runner => {
-			responseTeams.push(new ResponseRunnerOrganisation(runner));
-		});
-		return responseTeams;
-	}
-
-	@Get('/:id')
-	@Authorized("ORGANISATION:GET")
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerOrganisationNotFoundError)
-	@OpenAPI({ description: 'Lists all information about the organisation whose id got provided.' })
-	async getOne(@Param('id') id: number) {
-		let runnerOrg = await this.runnerOrganisationRepository.findOne({ id: id }, { relations: ['contact', 'teams'] });
-		if (!runnerOrg) { throw new RunnerOrganisationNotFoundError(); }
-		return new ResponseRunnerOrganisation(runnerOrg);
-	}
-
-	@Post()
-	@Authorized("ORGANISATION:CREATE")
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@OpenAPI({ description: 'Create a new organsisation.' })
-	async post(@Body({ validate: true }) createRunnerOrganisation: CreateRunnerOrganisation) {
-		let runnerOrganisation;
-		try {
-			runnerOrganisation = await createRunnerOrganisation.toEntity();
-		} catch (error) {
-			throw error;
-		}
-
-		runnerOrganisation = await this.runnerOrganisationRepository.save(runnerOrganisation);
-
-		return new ResponseRunnerOrganisation(await this.runnerOrganisationRepository.findOne(runnerOrganisation, { relations: ['contact', 'teams'] }));
-	}
-
-	@Put('/:id')
-	@Authorized("ORGANISATION:UPDATE")
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerOrganisationIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update the organisation whose id you provided. <br> Please remember that ids can't be changed." })
-	async put(@Param('id') id: number, @Body({ validate: true }) updateOrganisation: UpdateRunnerOrganisation) {
-		let oldRunnerOrganisation = await this.runnerOrganisationRepository.findOne({ id: id });
-
-		if (!oldRunnerOrganisation) {
-			throw new RunnerOrganisationNotFoundError();
-		}
-
-		if (oldRunnerOrganisation.id != updateOrganisation.id) {
-			throw new RunnerOrganisationIdsNotMatchingError();
-		}
-
-		await this.runnerOrganisationRepository.save(await updateOrganisation.update(oldRunnerOrganisation));
-
-		return new ResponseRunnerOrganisation(await this.runnerOrganisationRepository.findOne(id, { relations: ['contact', 'teams'] }));
-	}
-
-	@Delete('/:id')
-	@Authorized("ORGANISATION:DELETE")
-	@ResponseSchema(ResponseRunnerOrganisation)
-	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
-	@ResponseSchema(RunnerOrganisationHasTeamsError, { statusCode: 406 })
-	@ResponseSchema(RunnerOrganisationHasRunnersError, { statusCode: 406 })
-	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete the organsisation whose id you provided. <br> If the organisation still has runners and/or teams associated this will fail. <br> To delete the organisation with all associated runners and teams set the force QueryParam to true (cascading deletion might take a while). <br> This won\'t delete the associated contact. <br> If no organisation with this id exists it will just return 204(no content).' })
-	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		let organisation = await this.runnerOrganisationRepository.findOne({ id: id });
-		if (!organisation) { return null; }
-		let runnerOrganisation = await this.runnerOrganisationRepository.findOne(organisation, { relations: ['contact', 'runners', 'teams'] });
-
-		if (!force) {
-			if (runnerOrganisation.teams.length != 0) {
-				throw new RunnerOrganisationHasTeamsError();
-			}
-		}
-		const teamController = new RunnerTeamController()
-		for (let team of runnerOrganisation.teams) {
-			await teamController.remove(team.id, true);
-		}
-
-		if (!force) {
-			if (runnerOrganisation.runners.length != 0) {
-				throw new RunnerOrganisationHasRunnersError();
-			}
-		}
-		const runnerController = new RunnerController()
-		for (let runner of runnerOrganisation.runners) {
-			await runnerController.remove(runner.id, true);
-		}
-
-		const responseOrganisation = new ResponseRunnerOrganisation(runnerOrganisation);
-		await this.runnerOrganisationRepository.delete(organisation);
-		return responseOrganisation;
-	}
-}

src/controllers/RunnerOrganizationController.ts

@@ -0,0 +1,156 @@
+import { Authorized, BadRequestError, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { Repository, getConnectionManager } from 'typeorm';
+import { RunnerOrganizationHasRunnersError, RunnerOrganizationHasTeamsError, RunnerOrganizationIdsNotMatchingError, RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
+import { CreateRunnerOrganization } from '../models/actions/create/CreateRunnerOrganization';
+import { UpdateRunnerOrganization } from '../models/actions/update/UpdateRunnerOrganization';
+import { Runner } from '../models/entities/Runner';
+import { RunnerOrganization } from '../models/entities/RunnerOrganization';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunner } from '../models/responses/ResponseRunner';
+import { ResponseRunnerOrganization } from '../models/responses/ResponseRunnerOrganization';
+import { RunnerController } from './RunnerController';
+import { RunnerTeamController } from './RunnerTeamController';
+
+
+@JsonController('/organizations')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class RunnerOrganizationController {
+	private runnerOrganizationRepository: Repository<RunnerOrganization>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.runnerOrganizationRepository = getConnectionManager().get().getRepository(RunnerOrganization);
+	}
+
+	@Get()
+	@Authorized("ORGANIZATION:GET")
+	@ResponseSchema(ResponseRunnerOrganization, { isArray: true })
+	@OpenAPI({ description: 'Lists all organizations. <br> This includes their address, contact and teams (if existing/associated).' })
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
+		let responseOrgs: ResponseRunnerOrganization[] = new Array<ResponseRunnerOrganization>();
+		let orgs: Array<RunnerOrganization>;
+
+		if (page != undefined) {
+			orgs = await this.runnerOrganizationRepository.find({ relations: ['contact', 'teams'], skip: page * page_size, take: page_size });
+		} else {
+			orgs = await this.runnerOrganizationRepository.find({ relations: ['contact', 'teams'] });
+		}
+
+		orgs.forEach(org => {
+			responseOrgs.push(new ResponseRunnerOrganization(org));
+		});
+		return responseOrgs;
+	}
+
+	@Get('/:id')
+	@Authorized("ORGANIZATION:GET")
+	@ResponseSchema(ResponseRunnerOrganization)
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerOrganizationNotFoundError)
+	@OpenAPI({ description: 'Lists all information about the organization whose id got provided.' })
+	async getOne(@Param('id') id: number) {
+		let runnerOrg = await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['contact', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.scans.track', 'runners', 'runners.scans', 'runners.scans.track'] });
+		if (!runnerOrg) { throw new RunnerOrganizationNotFoundError(); }
+		return new ResponseRunnerOrganization(runnerOrg);
+	}
+
+	@Get('/:id/runners')
+	@Authorized(["RUNNER:GET", "SCAN:GET"])
+	@ResponseSchema(ResponseRunner, { isArray: true })
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Lists all runners from this org and it\'s teams (if you don\'t provide the ?onlyDirect=true param). <br> This includes the runner\'s group and distance ran.' })
+	async getRunners(@Param('id') id: number, @QueryParam('onlyDirect') onlyDirect: boolean, @QueryParam("selfservice_links", { required: false }) selfservice_links: boolean = false) {
+		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
+		let runners: Runner[];
+		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.group.parentGroup', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
+		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners; }
+		runners.forEach(runner => {
+			responseRunners.push(new ResponseRunner(runner, selfservice_links));
+		});
+		return responseRunners;
+	}
+
+	@Post()
+	@Authorized("ORGANIZATION:CREATE")
+	@ResponseSchema(ResponseRunnerOrganization)
+	@OpenAPI({ description: 'Create a new organsisation.' })
+	async post(@Body({ validate: true }) createRunnerOrganization: CreateRunnerOrganization) {
+		let runnerOrganization;
+		try {
+			runnerOrganization = await createRunnerOrganization.toEntity();
+		} catch (error) {
+			throw error;
+		}
+
+		runnerOrganization = await this.runnerOrganizationRepository.save(runnerOrganization);
+
+		return new ResponseRunnerOrganization(await this.runnerOrganizationRepository.findOne(runnerOrganization, { relations: ['contact', 'teams'] }));
+	}
+
+	@Put('/:id')
+	@Authorized("ORGANIZATION:UPDATE")
+	@ResponseSchema(ResponseRunnerOrganization)
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerOrganizationIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the organization whose id you provided. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) updateOrganization: UpdateRunnerOrganization) {
+		let oldRunnerOrganization = await this.runnerOrganizationRepository.findOne({ id: id });
+
+		if (!oldRunnerOrganization) {
+			throw new RunnerOrganizationNotFoundError();
+		}
+
+		if (oldRunnerOrganization.id != updateOrganization.id) {
+			throw new RunnerOrganizationIdsNotMatchingError();
+		}
+
+		await this.runnerOrganizationRepository.save(await updateOrganization.update(oldRunnerOrganization));
+
+		return new ResponseRunnerOrganization(await this.runnerOrganizationRepository.findOne(id, { relations: ['contact', 'teams'] }));
+	}
+
+	@Delete('/:id')
+	@Authorized("ORGANIZATION:DELETE")
+	@ResponseSchema(ResponseRunnerOrganization)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@ResponseSchema(RunnerOrganizationHasTeamsError, { statusCode: 406 })
+	@ResponseSchema(RunnerOrganizationHasRunnersError, { statusCode: 406 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete the organsisation whose id you provided. <br> If the organization still has runners and/or teams associated this will fail. <br> To delete the organization with all associated runners and teams set the force QueryParam to true (cascading deletion might take a while). <br> This won\'t delete the associated contact. <br> If no organization with this id exists it will just return 204(no content).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		if (id == 1) {
+			throw new BadRequestError("You can't delete the citizen runner org.");
+		}
+
+		let organization = await this.runnerOrganizationRepository.findOne({ id: id });
+		if (!organization) { return null; }
+		let runnerOrganization = await this.runnerOrganizationRepository.findOne(organization, { relations: ['contact', 'runners', 'teams'] });
+
+		if (!force) {
+			if (runnerOrganization.teams.length != 0) {
+				throw new RunnerOrganizationHasTeamsError();
+			}
+		}
+		const teamController = new RunnerTeamController()
+		for (let team of runnerOrganization.teams) {
+			await teamController.remove(team.id, true);
+		}
+
+		if (!force) {
+			if (runnerOrganization.runners.length != 0) {
+				throw new RunnerOrganizationHasRunnersError();
+			}
+		}
+		const runnerController = new RunnerController()
+		for (let runner of runnerOrganization.runners) {
+			await runnerController.remove(runner.id, true);
+		}
+
+		const responseOrganization = new ResponseRunnerOrganization(runnerOrganization);
+		await this.runnerOrganizationRepository.delete(organization);
+		return responseOrganization;
+	}
+}

src/controllers/RunnerSelfServiceController.ts

@@ -0,0 +1,244 @@
+import { Request } from "express";
+import * as jwt from "jsonwebtoken";
+import { BadRequestError, Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { config } from '../config';
+import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
+import { MailSendingError } from '../errors/MailErrors';
+import { RunnerEmailNeededError, RunnerHasDistanceDonationsError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
+import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
+import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
+import { JwtCreator } from '../jwtcreator';
+import { Mailer } from '../mailer';
+import ScanAuth from '../middlewares/ScanAuth';
+import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
+import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
+import { Runner } from '../models/entities/Runner';
+import { RunnerGroup } from '../models/entities/RunnerGroup';
+import { RunnerOrganization } from '../models/entities/RunnerOrganization';
+import { ScanStation } from '../models/entities/ScanStation';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseScanStation } from '../models/responses/ResponseScanStation';
+import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
+import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
+import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
+import { DonationController } from './DonationController';
+import { RunnerCardController } from './RunnerCardController';
+import { ScanController } from './ScanController';
+
+@JsonController()
+export class RunnerSelfServiceController {
+	private runnerRepository: Repository<Runner>;
+	private orgRepository: Repository<RunnerOrganization>;
+	private stationRepository: Repository<ScanStation>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
+		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
+		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
+	}
+
+	@Get('/runners/me/:jwt')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
+	async get(@Param('jwt') token: string) {
+		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
+	}
+
+	@Delete('/runners/me/:jwt')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Deletes all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
+	async remove(@Param('jwt') token: string, @QueryParam("force") force: boolean) {
+		const responseRunner = await this.getRunner(token);
+		let runner = await this.runnerRepository.findOne({ id: responseRunner.id });
+
+		if (!runner) { return null; }
+		if (!runner) {
+			throw new RunnerNotFoundError();
+		}
+
+		const runnerDonations = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["distanceDonations"] })).distanceDonations;
+		if (runnerDonations.length > 0 && !force) {
+			throw new RunnerHasDistanceDonationsError();
+		}
+		const donationController = new DonationController();
+		for (let donation of runnerDonations) {
+			await donationController.remove(donation.id, force);
+		}
+
+		const runnerCards = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["cards"] })).cards;
+		const cardController = new RunnerCardController;
+		for (let card of runnerCards) {
+			await cardController.remove(card.id, force);
+		}
+
+		const runnerScans = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["scans"] })).scans;
+		const scanController = new ScanController;
+		for (let scan of runnerScans) {
+			await scanController.remove(scan.id, force);
+		}
+
+		await this.runnerRepository.delete(runner);
+		return new ResponseSelfServiceRunner(responseRunner);
+	}
+
+	@Get('/runners/me/:jwt/scans')
+	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
+	async getScans(@Param('jwt') token: string) {
+		const scans = (await this.getRunner(token)).scans;
+		let responseScans = new Array<ResponseSelfServiceScan>()
+		for (let scan of scans) {
+			responseScans.push(new ResponseSelfServiceScan(scan));
+		}
+		return responseScans;
+	}
+
+	@Get('/stations/me')
+	@UseBefore(ScanAuth)
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
+	@OnUndefined(ScanStationNotFoundError)
+	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
+	async getStationMe(@Req() req: Request) {
+		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
+		if (!scan) { throw new ScanStationNotFoundError(); }
+		return scan.toResponse();
+	}
+
+	@Post('/runners/login')
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(ResponseEmpty)
+	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice magic-login-link to be sent to your mail address (rate limited to one mail every 15mins).' })
+	async requestNewToken(@QueryParam('mail') mail: string, @QueryParam("locale") locale: string = "en") {
+		if (!mail) {
+			throw new RunnerNotFoundError();
+		}
+		const runner = await this.runnerRepository.findOne({ email: mail });
+		if (!runner) { throw new RunnerNotFoundError(); }
+
+		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 30)) { throw new RunnerSelfserviceTimeoutError(); }
+		const token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceForgottenMail(runner.email, runner.id, runner.firstname, runner.middlename, runner.lastname, token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+		await this.runnerRepository.save(runner);
+
+		return { token };
+	}
+
+	@Post('/runners/register')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
+	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
+	async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner, @QueryParam("locale") locale: string = "en") {
+		let runner = await createRunner.toEntity();
+		if (await this.getRunnerExistsByMail(runner.email)) {
+			throw new BadRequestError("E-Mail already registered")
+		}
+		runner = await this.runnerRepository.save(runner);
+
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, runner.id, runner.firstname, runner.middlename, runner.lastname, response.token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		return response;
+	}
+
+	@Post('/runners/register/:token')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
+	async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner, @QueryParam("locale") locale: string = "en") {
+		const org = await this.getOrgansisation(token);
+
+		let runner = await createRunner.toEntity(org);
+		if (await this.getRunnerExistsByMail(runner.email)) {
+			throw new BadRequestError("E-Mail already registered")
+		}
+		runner = await this.runnerRepository.save(runner);
+
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, runner.id, runner.firstname, runner.middlename, runner.lastname, response.token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		return response;
+	}
+
+	@Get('/organizations/selfservice/:token')
+	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
+	async getSelfserviceOrg(@Param('token') token: string) {
+		const orgid = (await this.getOrgansisation(token)).id;
+		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
+
+		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
+	}
+
+	/**
+	 * Get's a runner by a provided jwt token.
+	 * @param token The runner jwt provided by the runner to identitfy themselves.
+	 */
+	private async getRunner(token: string): Promise<Runner> {
+		if (token == "") { throw new JwtNotProvidedError(); }
+		let jwtPayload = undefined
+		try {
+			jwtPayload = <any>jwt.verify(token, config.jwt_secret);
+		} catch (error) {
+			throw new InvalidCredentialsError();
+		}
+
+		const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
+		if (!runner) { throw new RunnerNotFoundError() }
+		return runner;
+	}
+
+	/**
+	 * Get's a runner org by a provided registration api key.
+	 * @param token The organization's registration api token.
+	 */
+	private async getOrgansisation(token: string): Promise<RunnerGroup> {
+		token = Buffer.from(token, 'base64').toString('utf8');
+
+		const organization = await this.orgRepository.findOne({ key: token });
+		if (!organization) { throw new RunnerOrganizationNotFoundError; }
+
+		return organization;
+	}
+
+	/**
+	 * Checks if a runner already exists
+	 * @param email The runner's email address
+	 * @returns Boolean (true if exists, false if not)
+	 */
+	private async getRunnerExistsByMail(email: string): Promise<boolean> {
+		const runner = await this.runnerRepository.findOne({ email });
+		return runner != undefined
+	}
+}

src/controllers/RunnerTeamController.ts

@@ -1,11 +1,12 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { RunnerTeamHasRunnersError, RunnerTeamIdsNotMatchingError, RunnerTeamNotFoundError } from '../errors/RunnerTeamErrors';
 import { CreateRunnerTeam } from '../models/actions/create/CreateRunnerTeam';
 import { UpdateRunnerTeam } from '../models/actions/update/UpdateRunnerTeam';
 import { RunnerTeam } from '../models/entities/RunnerTeam';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunner } from '../models/responses/ResponseRunner';
 import { ResponseRunnerTeam } from '../models/responses/ResponseRunnerTeam';
 import { RunnerController } from './RunnerController';
 
@@ -25,12 +26,19 @@ export class RunnerTeamController {
 	@Get()
 	@Authorized("TEAM:GET")
 	@ResponseSchema(ResponseRunnerTeam, { isArray: true })
-	@OpenAPI({ description: 'Lists all teams. <br> This includes their parent organisation and contact (if existing/associated).' })
-	async getAll() {
+	@OpenAPI({ description: 'Lists all teams. <br> This includes their parent organization and contact (if existing/associated).' })
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseTeams: ResponseRunnerTeam[] = new Array<ResponseRunnerTeam>();
-		const runners = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
-		runners.forEach(runner => {
-			responseTeams.push(new ResponseRunnerTeam(runner));
+		let teams: Array<RunnerTeam>;
+
+		if (page != undefined) {
+			teams = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'], skip: page * page_size, take: page_size });
+		} else {
+			teams = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
+		}
+
+		teams.forEach(team => {
+			responseTeams.push(new ResponseRunnerTeam(team));
 		});
 		return responseTeams;
 	}
@@ -42,11 +50,25 @@ export class RunnerTeamController {
 	@OnUndefined(RunnerTeamNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the team whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
+		let runnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact', 'runners', 'runners.scans', 'runners.scans.track'] });
 		if (!runnerTeam) { throw new RunnerTeamNotFoundError(); }
 		return new ResponseRunnerTeam(runnerTeam);
 	}
 
+	@Get('/:id/runners')
+	@Authorized(["RUNNER:GET", "SCAN:GET"])
+	@ResponseSchema(ResponseRunner, { isArray: true })
+	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Lists all runners from this team. <br> This includes the runner\'s group and distance ran.' })
+	async getRunners(@Param('id') id: number, @QueryParam("selfservice_links", { required: false }) selfservice_links: boolean = false) {
+		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
+		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners;
+		runners.forEach(runner => {
+			responseRunners.push(new ResponseRunner(runner, selfservice_links));
+		});
+		return responseRunners;
+	}
+
 	@Post()
 	@Authorized("TEAM:CREATE")
 	@ResponseSchema(ResponseRunnerTeam)
@@ -97,7 +119,7 @@ export class RunnerTeamController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let team = await this.runnerTeamRepository.findOne({ id: id });
 		if (!team) { return null; }
-		let runnerTeam = await this.runnerTeamRepository.findOne(team, { relations: ['parentGroup', 'contact', 'runners'] });
+		let runnerTeam = await this.runnerTeamRepository.findOne(team, { relations: ['runners'] });
 
 		if (!force) {
 			if (runnerTeam.runners.length != 0) {

src/controllers/ScanController.ts

@@ -1,6 +1,7 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam, UseBefore } from 'routing-controllers';
+import { Request } from "express";
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam, Req, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { RunnerNotFoundError } from '../errors/RunnerErrors';
 import { ScanIdsNotMatchingError, ScanNotFoundError } from '../errors/ScanErrors';
 import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
@@ -14,7 +15,6 @@ import { TrackScan } from '../models/entities/TrackScan';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseScan } from '../models/responses/ResponseScan';
 import { ResponseTrackScan } from '../models/responses/ResponseTrackScan';
-
 @JsonController('/scans')
 @OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class ScanController {
@@ -34,9 +34,16 @@ export class ScanController {
 	@ResponseSchema(ResponseScan, { isArray: true })
 	@ResponseSchema(ResponseTrackScan, { isArray: true })
 	@OpenAPI({ description: 'Lists all scans (normal or track) from all runners. <br> This includes the scan\'s runner\'s distance ran.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseScans: ResponseScan[] = new Array<ResponseScan>();
-		const scans = await this.scanRepository.find({ relations: ['runner', 'track', 'runner.scans', 'runner.scans.track', 'card', 'station'] });
+		let scans: Array<Scan>;
+
+		if (page != undefined) {
+			scans = await this.scanRepository.find({ relations: ['runner', 'track'], skip: page * page_size, take: page_size });
+		} else {
+			scans = await this.scanRepository.find({ relations: ['runner', 'track'] });
+		}
+
 		scans.forEach(scan => {
 			responseScans.push(scan.toResponse());
 		});
@@ -51,7 +58,7 @@ export class ScanController {
 	@OnUndefined(ScanNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the scan whose id got provided. This includes the scan\'s runner\'s distance ran.' })
 	async getOne(@Param('id') id: number) {
-		let scan = await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.scans.track', 'card', 'station'] })
+		let scan = await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.group', 'card', 'station'] })
 		if (!scan) { throw new ScanNotFoundError(); }
 		return scan.toResponse();
 	}
@@ -60,22 +67,26 @@ export class ScanController {
 	@UseBefore(ScanAuth)
 	@ResponseSchema(ResponseScan)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Create a new scan (not track scan - use /scans/trackscans instead). <br> Please rmemember to provide the scan\'s runner\'s id and distance.', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+	@OpenAPI({ description: 'Create a new scan (not track scan - use /scans/trackscans instead). <br> Please rmemember to provide the scan\'s runner\'s id and distance.', security: [{ "StationApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 	async post(@Body({ validate: true }) createScan: CreateScan) {
 		let scan = await createScan.toEntity();
 		scan = await this.scanRepository.save(scan);
-		return (await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.scans.track', 'card', 'station'] })).toResponse();
+		return (await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
 	}
 
 	@Post("/trackscans")
 	@UseBefore(ScanAuth)
 	@ResponseSchema(ResponseTrackScan)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Create a new track scan (for "normal" scans use /scans instead). <br> Please remember that to provide the scan\'s card\'s station\'s id.', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-	async postTrackScans(@Body({ validate: true }) createScan: CreateTrackScan) {
+	@OpenAPI({ description: 'Create a new track scan (for "normal" scans use /scans instead). <br> Please remember that to provide the scan\'s card\'s station\'s id.', security: [{ "StationApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+	async postTrackScans(@Body({ validate: true }) createScan: CreateTrackScan, @Req() req: Request) {
+		const station_id = req.headers["station_id"];
+		if (station_id) {
+			createScan.station = parseInt(station_id.toString());
+		}
 		let scan = await createScan.toEntity();
 		scan = await this.trackScanRepository.save(scan);
-		return (await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.scans.track', 'card', 'station'] })).toResponse();
+		return (await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
 	}
 
 	@Put('/:id')
@@ -97,7 +108,7 @@ export class ScanController {
 		}
 
 		await this.scanRepository.save(await scan.update(oldScan));
-		return (await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.scans.track', 'card', 'station'] })).toResponse();
+		return (await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
 	}
 
 	@Put('/trackscans/:id')
@@ -120,7 +131,7 @@ export class ScanController {
 		}
 
 		await this.trackScanRepository.save(await scan.update(oldScan));
-		return (await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.scans.track', 'card', 'station'] })).toResponse();
+		return (await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
 	}
 
 	@Delete('/:id')
@@ -132,7 +143,7 @@ export class ScanController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let scan = await this.scanRepository.findOne({ id: id });
 		if (!scan) { return null; }
-		const responseScan = await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.scans.track', 'card', 'station'] });
+		const responseScan = await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] });
 
 		await this.scanRepository.delete(scan);
 		return responseScan.toResponse();

src/controllers/ScanStationController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { ScanStationHasScansError, ScanStationIdsNotMatchingError, ScanStationNotFoundError } from '../errors/ScanStationErrors';
 import { TrackNotFoundError } from '../errors/TrackErrors';
 import { CreateScanStation } from '../models/actions/create/CreateScanStation';
@@ -26,9 +26,16 @@ export class ScanStationController {
 	@Authorized("STATION:GET")
 	@ResponseSchema(ResponseScanStation, { isArray: true })
 	@OpenAPI({ description: 'Lists all stations. <br> This includes their associated tracks.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseStations: ResponseScanStation[] = new Array<ResponseScanStation>();
-		const stations = await this.stationRepository.find({ relations: ['track'] });
+		let stations: Array<ScanStation>;
+
+		if (page != undefined) {
+			stations = await this.stationRepository.find({ relations: ['track'], skip: page * page_size, take: page_size });
+		} else {
+			stations = await this.stationRepository.find({ relations: ['track'] });
+		}
+
 		stations.forEach(station => {
 			responseStations.push(station.toResponse());
 		});

src/controllers/StatsClientController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { StatsClientNotFoundError } from '../errors/StatsClientErrors';
 import { TrackNotFoundError } from "../errors/TrackErrors";
 import { CreateStatsClient } from '../models/actions/create/CreateStatsClient';
@@ -24,9 +24,16 @@ export class StatsClientController {
 	@Authorized("STATSCLIENT:GET")
 	@ResponseSchema(ResponseStatsClient, { isArray: true })
 	@OpenAPI({ description: 'Lists all stats clients. Please remember that the key can only be viewed on creation.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseClients: ResponseStatsClient[] = new Array<ResponseStatsClient>();
-		const clients = await this.clientRepository.find();
+		let clients: Array<StatsClient>;
+
+		if (page != undefined) {
+			clients = await this.clientRepository.find({ skip: page * page_size, take: page_size });
+		} else {
+			clients = await this.clientRepository.find();
+		}
+
 		clients.forEach(clients => {
 			responseClients.push(new ResponseStatsClient(clients));
 		});

src/controllers/StatsController.ts

@@ -1,15 +1,17 @@
-import { Get, JsonController, UseBefore } from 'routing-controllers';
+import { Get, JsonController, QueryParam, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnection } from 'typeorm';
 import StatsAuth from '../middlewares/StatsAuth';
 import { Donation } from '../models/entities/Donation';
+import { Donor } from '../models/entities/Donor';
 import { Runner } from '../models/entities/Runner';
-import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
+import { RunnerOrganization } from '../models/entities/RunnerOrganization';
 import { RunnerTeam } from '../models/entities/RunnerTeam';
 import { Scan } from '../models/entities/Scan';
+import { TrackScan } from '../models/entities/TrackScan';
 import { User } from '../models/entities/User';
 import { ResponseStats } from '../models/responses/ResponseStats';
-import { ResponseStatsOrgnisation } from '../models/responses/ResponseStatsOrganisation';
+import { ResponseStatsOrgnisation } from '../models/responses/ResponseStatsOrganization';
 import { ResponseStatsRunner } from '../models/responses/ResponseStatsRunner';
 import { ResponseStatsTeam } from '../models/responses/ResponseStatsTeam';
 
@@ -20,14 +22,28 @@ export class StatsController {
     @ResponseSchema(ResponseStats)
     @OpenAPI({ description: "A very basic stats endpoint providing basic counters for a dashboard or simmilar" })
     async get() {
-        let connection = getConnection();
-        let runners = await connection.getRepository(Runner).find({ relations: ['scans', 'scans.track'] });
-        let teams = await connection.getRepository(RunnerTeam).find();
-        let orgs = await connection.getRepository(RunnerOrganisation).find();
-        let users = await connection.getRepository(User).find();
-        let scans = await connection.getRepository(Scan).find();
+        const connection = getConnection();
+        const runnersViaSelfservice = await connection.getRepository(Runner).count({ where: { created_via: "selfservice" } });
+        const runnersViaKiosk = await connection.getRepository(Runner).count({ where: { created_via: "kiosk" } });
+        const runners = await connection.getRepository(Runner).count();
+        const teams = await connection.getRepository(RunnerTeam).count();
+        const orgs = await connection.getRepository(RunnerOrganization).count();
+        const users = await connection.getRepository(User).count();
+        const scans = await connection.getRepository(Scan).count({ where: { valid: true } });
+
+        const distance_query = await connection.getRepository(Scan).createQueryBuilder('scan')
+            .leftJoinAndSelect("scan.track", "track").where("scan.valid = TRUE")
+            .select("SUM(track.distance)", "sum_track").addSelect("SUM(_distance)", "sum_distance")
+            .getRawOne();
+        let distace = parseInt(distance_query.sum_track)
+        if (distance_query.sum_distance) {
+            distace += parseInt(distance_query.sum_distance)
+        }
+
         let donations = await connection.getRepository(Donation).find({ relations: ['runner', 'runner.scans', 'runner.scans.track'] });
-        return new ResponseStats(runners, teams, orgs, users, scans, donations)
+        const donors = await connection.getRepository(Donor).count();
+
+        return new ResponseStats(runnersViaSelfservice, runners, teams, orgs, users, scans, donations, distace, donors, runnersViaKiosk)
     }
 
     @Get("/runners/distance")
@@ -36,7 +52,10 @@ export class StatsController {
     @OpenAPI({ description: "Returns the top ten runners by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopRunnersByDistance() {
         let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
-        let topRunners = runners.sort((runner1, runner2) => runner1.distance - runner2.distance).slice(0, 9);
+        if (!runners || runners.length == 0) {
+            return [];
+        }
+        let topRunners = runners.sort((runner1, runner2) => runner2.distance - runner1.distance).slice(0, 10);
         let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
         topRunners.forEach(runner => {
             responseRunners.push(new ResponseStatsRunner(runner));
@@ -49,8 +68,11 @@ export class StatsController {
     @ResponseSchema(ResponseStatsRunner, { isArray: true })
     @OpenAPI({ description: "Returns the top ten runners by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopRunnersByDonations() {
-        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
-        let topRunners = runners.sort((runner1, runner2) => runner1.distanceDonationAmount - runner2.distanceDonationAmount).slice(0, 9);
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['group', 'distanceDonations', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
+        if (!runners || runners.length == 0) {
+            return [];
+        }
+        let topRunners = runners.sort((runner1, runner2) => runner2.distanceDonationAmount - runner1.distanceDonationAmount).slice(0, 10);
         let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
         topRunners.forEach(runner => {
             responseRunners.push(new ResponseStatsRunner(runner));
@@ -58,6 +80,34 @@ export class StatsController {
         return responseRunners;
     }
 
+    @Get("/runners/laptime")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by fastest laptime on your selected track (track by id).", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByLaptime(@QueryParam("track") track: number) {
+        let scans = await getConnection().getRepository(TrackScan).find({ relations: ['track', 'runner', 'runner.group', 'runner.scans', 'runner.scans.track', 'runner.distanceDonations'] });
+        if (!scans || scans.length == 0) {
+            return [];
+        }
+        scans = scans.filter((s) => { return s.track.id == track && s.valid == true && s.lapTime != 0 }).sort((scan1, scan2) => scan1.lapTime - scan2.lapTime);
+
+        let topScans = new Array<TrackScan>();
+        let knownRunners = new Array<number>();
+        for (let i = 0; i < scans.length && topScans.length < 10; i++) {
+            const element = scans[i];
+            if (!knownRunners.includes(element.runner.id)) {
+                topScans.push(element);
+                knownRunners.push(element.runner.id);
+            }
+        }
+
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topScans.forEach(scan => {
+            responseRunners.push(new ResponseStatsRunner(scan.runner, scan.lapTime));
+        });
+        return responseRunners;
+    }
+
     @Get("/scans")
     @UseBefore(StatsAuth)
     @ResponseSchema(ResponseStatsRunner, { isArray: true })
@@ -71,8 +121,11 @@ export class StatsController {
     @ResponseSchema(ResponseStatsTeam, { isArray: true })
     @OpenAPI({ description: "Returns the top ten teams by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopTeamsByDistance() {
-        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
-        let topTeams = teams.sort((team1, team2) => team1.distance - team2.distance).slice(0, 9);
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['parentGroup', 'runners', 'runners.scans', 'runners.scans.track'] });
+        if (!teams || teams.length == 0) {
+            return [];
+        }
+        let topTeams = teams.sort((team1, team2) => team2.distance - team1.distance).slice(0, 10);
         let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
         topTeams.forEach(team => {
             responseTeams.push(new ResponseStatsTeam(team));
@@ -85,8 +138,11 @@ export class StatsController {
     @ResponseSchema(ResponseStatsTeam, { isArray: true })
     @OpenAPI({ description: "Returns the top ten teams by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopTeamsByDonations() {
-        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
-        let topTeams = teams.sort((team1, team2) => team1.distanceDonationAmount - team2.distanceDonationAmount).slice(0, 9);
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['parentGroup', 'runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        if (!teams || teams.length == 0) {
+            return [];
+        }
+        let topTeams = teams.sort((team1, team2) => team2.distanceDonationAmount - team1.distanceDonationAmount).slice(0, 10);
         let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
         topTeams.forEach(team => {
             responseTeams.push(new ResponseStatsTeam(team));
@@ -94,13 +150,16 @@ export class StatsController {
         return responseTeams;
     }
 
-    @Get("/organisations/distance")
+    @Get("/organizations/distance")
     @UseBefore(StatsAuth)
     @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
-    @OpenAPI({ description: "Returns the top ten organisations by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    @OpenAPI({ description: "Returns the top ten organizations by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopOrgsByDistance() {
-        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
-        let topOrgs = orgs.sort((org1, org2) => org1.distance - org2.distance).slice(0, 9);
+        let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        if (!orgs || orgs.length == 0) {
+            return [];
+        }
+        let topOrgs = orgs.sort((org1, org2) => org2.distance - org1.distance).slice(0, 10);
         let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
         topOrgs.forEach(org => {
             responseOrgs.push(new ResponseStatsOrgnisation(org));
@@ -108,13 +167,16 @@ export class StatsController {
         return responseOrgs;
     }
 
-    @Get("/organisations/donations")
+    @Get("/organizations/donations")
     @UseBefore(StatsAuth)
     @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
-    @OpenAPI({ description: "Returns the top ten organisations by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    @OpenAPI({ description: "Returns the top ten organizations by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopOrgsByDonations() {
-        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
-        let topOrgs = orgs.sort((org1, org2) => org1.distanceDonationAmount - org2.distanceDonationAmount).slice(0, 9);
+        let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.distanceDonations', 'runners.distanceDonations.runner', 'runners.distanceDonations.runner.scans', 'runners.distanceDonations.runner.scans.track', 'teams', 'teams.runners', 'teams.runners.distanceDonations', 'teams.runners.distanceDonations.runner', 'teams.runners.distanceDonations.runner.scans', 'teams.runners.distanceDonations.runner.scans.track'] });
+        if (!orgs || orgs.length == 0) {
+            return [];
+        }
+        let topOrgs = orgs.sort((org1, org2) => org2.distanceDonationAmount - org1.distanceDonationAmount).slice(0, 10);
         let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
         topOrgs.forEach(org => {
             responseOrgs.push(new ResponseStatsOrgnisation(org));

src/controllers/TrackController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { TrackHasScanStationsError, TrackIdsNotMatchingError, TrackLapTimeCantBeNegativeError, TrackNotFoundError } from "../errors/TrackErrors";
 import { CreateTrack } from '../models/actions/create/CreateTrack';
 import { UpdateTrack } from '../models/actions/update/UpdateTrack';
@@ -25,9 +25,17 @@ export class TrackController {
 	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack, { isArray: true })
 	@OpenAPI({ description: 'Lists all tracks.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseTracks: ResponseTrack[] = new Array<ResponseTrack>();
-		const tracks = await this.trackRepository.find();
+		let tracks: Array<Track>;
+
+		if (page != undefined) {
+			tracks = await this.trackRepository.find({ skip: page * page_size, take: page_size });
+		}
+		else {
+			tracks = await this.trackRepository.find();
+		}
+
 		tracks.forEach(track => {
 			responseTracks.push(new ResponseTrack(track));
 		});

src/controllers/UserController.ts

@@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { Repository, getConnectionManager } from 'typeorm';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UserNotFoundError, UsernameContainsIllegalCharacterError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@@ -28,9 +28,17 @@ export class UserController {
 	@Authorized("USER:GET")
 	@ResponseSchema(ResponseUser, { isArray: true })
 	@OpenAPI({ description: 'Lists all users. <br> This includes their groups and permissions granted to them.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseUsers: ResponseUser[] = new Array<ResponseUser>();
-		const users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] });
+		let users: Array<User>;
+
+		if (page != undefined) {
+			users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'], skip: page * page_size, take: page_size });
+		}
+		else {
+			users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] });
+		}
+
 		users.forEach(user => {
 			responseUsers.push(new ResponseUser(user));
 		});
@@ -66,6 +74,10 @@ export class UserController {
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
@@ -85,6 +97,10 @@ export class UserController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });

src/controllers/UserGroupController.ts

@@ -1,13 +1,13 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
+import { Repository, getConnectionManager } from 'typeorm';
 import { UserGroupIdsNotMatchingError, UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
 import { UpdateUserGroup } from '../models/actions/update/UpdateUserGroup';
 import { UserGroup } from '../models/entities/UserGroup';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseUserGroup } from '../models/responses/ResponseUserGroup';
+import { ResponseUserGroupPermissions } from '../models/responses/ResponseUserGroupPermissions';
 import { PermissionController } from './PermissionController';
 
 
@@ -25,20 +25,44 @@ export class UserGroupController {
 
 	@Get()
 	@Authorized("USERGROUP:GET")
-	@ResponseSchema(UserGroup, { isArray: true })
+	@ResponseSchema(ResponseUserGroup, { isArray: true })
 	@OpenAPI({ description: 'Lists all groups. <br> The information provided might change while the project continues to evolve.' })
-	getAll() {
-		return this.userGroupsRepository.find({ relations: ["permissions"] });
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
+		let responseGroups: ResponseUserGroup[] = new Array<ResponseUserGroup>();
+		let groups: Array<UserGroup>;
+
+		if (page != undefined) {
+			groups = await this.userGroupsRepository.find({ relations: ['permissions'], skip: page * page_size, take: page_size });
+		} else {
+			groups = await this.userGroupsRepository.find({ relations: ['permissions'] });
+		}
+
+		groups.forEach(group => {
+			responseGroups.push(group.toResponse());
+		});
+		return responseGroups;
 	}
 
 	@Get('/:id')
 	@Authorized("USERGROUP:GET")
-	@ResponseSchema(UserGroup)
+	@ResponseSchema(ResponseUserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserGroupNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the group whose id got provided. <br> The information provided might change while the project continues to evolve.' })
-	getOne(@Param('id') id: number) {
-		return this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
+	async getOne(@Param('id') id: number) {
+		return await (await (this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] }))).toResponse();
+	}
+
+	@Get('/:id/permissions')
+	@Authorized("USERGROUP:GET")
+	@ResponseSchema(ResponseUserGroupPermissions)
+	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
+	@OnUndefined(UserGroupNotFoundError)
+	@OpenAPI({ description: 'Lists all permissions granted to the group as permission response objects.' })
+	async getPermissions(@Param('id') id: number) {
+		let group = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions', 'permissions.principal'] })
+		if (!group) { throw new UserGroupNotFoundError(); }
+		return new ResponseUserGroupPermissions(group);
 	}
 
 	@Post()
@@ -54,7 +78,8 @@ export class UserGroupController {
 			throw error;
 		}
 
-		return this.userGroupsRepository.save(userGroup);
+		userGroup = await this.userGroupsRepository.save(userGroup);
+		return (await (this.userGroupsRepository.findOne({ id: userGroup.id }, { relations: ["permissions"] }))).toResponse();
 	}
 
 	@Put('/:id')
@@ -63,7 +88,7 @@ export class UserGroupController {
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the group whose id you provided. <br> To change the permissions granted to the group please use /api/permissions instead. <br> Please remember that ids can't be changed." })
-	async put(@Param('id') id: number, @EntityFromBody() updateGroup: UpdateUserGroup) {
+	async put(@Param('id') id: number, @Body({ validate: true }) updateGroup: UpdateUserGroup) {
 		let oldGroup = await this.userGroupsRepository.findOne({ id: id });
 
 		if (!oldGroup) {
@@ -75,7 +100,7 @@ export class UserGroupController {
 		}
 		await this.userGroupsRepository.save(await updateGroup.update(oldGroup));
 
-		return (await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] })).toResponse();
+		return (await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] })).toResponse();
 	}
 
 	@Delete('/:id')
@@ -85,7 +110,7 @@ export class UserGroupController {
 	@OnUndefined(204)
 	@OpenAPI({ description: 'Delete the group whose id you provided. <br> If there are any permissions directly granted to the group they will get deleted as well. <br> Users associated with this group won\'t get deleted - just deassociated. <br> If no group with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		let group = await this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
+		let group = await this.userGroupsRepository.findOne({ id: id });
 		if (!group) { return null; }
 		const responseGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] });
 

src/errors/MailErrors.ts

@@ -0,0 +1,17 @@
+import { IsString } from 'class-validator';
+import { InternalServerError } from 'routing-controllers';
+
+/**
+ * Error to throw when a permission couldn't be found.
+ */
+export class MailSendingError extends InternalServerError {
+    @IsString()
+    name = "MailSendingError"
+
+    @IsString()
+    message = "We had a problem sending the mail!"
+
+    constructor() {
+        super("We had a problem sending the mail!");
+    }
+}

src/errors/RunnerErrors.ts

@@ -32,7 +32,29 @@ export class RunnerGroupNeededError extends NotAcceptableError {
 	name = "RunnerGroupNeededError"
 
 	@IsString()
-	message = "Runner's need to be part of one group (team or organisation)! \n You provided neither."
+	message = "Runner's need to be part of one group (team or organization)! \n You provided neither."
+}
+
+/**
+ * Error to throw when a citizen runner has no mail-address.
+ */
+export class RunnerEmailNeededError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerEmailNeededError"
+
+	@IsString()
+	message = "Citizenrunners have to provide an email address for verification and contacting."
+}
+
+/**
+ * Error to throw when a runner already requested a new selfservice link in the last 30s.
+ */
+export class RunnerSelfserviceTimeoutError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerSelfserviceTimeoutError"
+
+	@IsString()
+	message = "You can only reqest a new token every 30s."
 }
 
 /**

src/errors/RunnerOrganisationErrors.ts

@@ -1,58 +0,0 @@
-import { IsString } from 'class-validator';
-import { NotAcceptableError, NotFoundError } from 'routing-controllers';
-
-/**
- * Error to throw when a runner organisation couldn't be found.
- */
-export class RunnerOrganisationNotFoundError extends NotFoundError {
-	@IsString()
-	name = "RunnerOrganisationNotFoundError"
-
-	@IsString()
-	message = "RunnerOrganisation not found!"
-}
-
-/**
- * Error to throw when two runner organisation's ids don't match.
- * Usually occurs when a user tries to change a runner organisation's id.
- */
-export class RunnerOrganisationIdsNotMatchingError extends NotAcceptableError {
-	@IsString()
-	name = "RunnerOrganisationIdsNotMatchingError"
-
-	@IsString()
-	message = "The ids don't match! \n And if you wanted to change a runner organisation's id: This isn't allowed!"
-}
-
-/**
- * Error to throw when a organisation still has runners associated.
- */
-export class RunnerOrganisationHasRunnersError extends NotAcceptableError {
-	@IsString()
-	name = "RunnerOrganisationHasRunnersError"
-
-	@IsString()
-	message = "This organisation still has runners associated with it. \n If you want to delete this organisation with all it's runners and teams add `?force` to your query."
-}
-
-/**
- * Error to throw when a organisation still has teams associated.
- */
-export class RunnerOrganisationHasTeamsError extends NotAcceptableError {
-	@IsString()
-	name = "RunnerOrganisationHasTeamsError"
-
-	@IsString()
-	message = "This organisation still has teams associated with it. \n If you want to delete this organisation with all it's runners and teams add `?force` to your query."
-}
-
-/**
- * Error to throw, when a provided runnerOrganisation doesn't belong to the accepted types.
- */
-export class RunnerOrganisationWrongTypeError extends NotAcceptableError {
-	@IsString()
-	name = "RunnerOrganisationWrongTypeError"
-
-	@IsString()
-	message = "The runner organisation must be an existing organisation's id. \n You provided a object of another type."
-}

src/errors/RunnerOrganizationErrors.ts

@@ -0,0 +1,58 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a runner organization couldn't be found.
+ */
+export class RunnerOrganizationNotFoundError extends NotFoundError {
+	@IsString()
+	name = "RunnerOrganizationNotFoundError"
+
+	@IsString()
+	message = "RunnerOrganization not found!"
+}
+
+/**
+ * Error to throw when two runner organization's ids don't match.
+ * Usually occurs when a user tries to change a runner organization's id.
+ */
+export class RunnerOrganizationIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerOrganizationIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a runner organization's id: This isn't allowed!"
+}
+
+/**
+ * Error to throw when a organization still has runners associated.
+ */
+export class RunnerOrganizationHasRunnersError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerOrganizationHasRunnersError"
+
+	@IsString()
+	message = "This organization still has runners associated with it. \n If you want to delete this organization with all it's runners and teams add `?force` to your query."
+}
+
+/**
+ * Error to throw when a organization still has teams associated.
+ */
+export class RunnerOrganizationHasTeamsError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerOrganizationHasTeamsError"
+
+	@IsString()
+	message = "This organization still has teams associated with it. \n If you want to delete this organization with all it's runners and teams add `?force` to your query."
+}
+
+/**
+ * Error to throw, when a provided runnerOrganization doesn't belong to the accepted types.
+ */
+export class RunnerOrganizationWrongTypeError extends NotAcceptableError {
+	@IsString()
+	name = "RunnerOrganizationWrongTypeError"
+
+	@IsString()
+	message = "The runner organization must be an existing organization's id. \n You provided a object of another type."
+}

src/errors/RunnerTeamErrors.ts

@@ -43,5 +43,5 @@ export class RunnerTeamNeedsParentError extends NotAcceptableError {
 	name = "RunnerTeamNeedsParentError"
 
 	@IsString()
-	message = "You provided no runner organisation as this team's parent group."
+	message = "You provided no runner organization as this team's parent group."
 }

src/errors/UserErrors.ts

@@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
 
 	@IsString()
 	message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
+}
+
+export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainUppercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one uppercase letter."
+}
+export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainLowercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one lowercase letter."
+}
+export class PasswordMustContainNumberError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainNumberError"
+
+	@IsString()
+	message = "Passwords must contain at least one number."
+}
+export class PasswordTooShortError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordTooShortError"
+
+	@IsString()
+	message = "Passwords must be at least ten characters long."
 }

src/jwtcreator.ts

@@ -1,6 +1,7 @@
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
 import * as jsonwebtoken from "jsonwebtoken";
 import { config } from './config';
+import { Runner } from './models/entities/Runner';
 import { User } from './models/entities/User';
 
 /**
@@ -34,6 +35,19 @@ export class JwtCreator {
         }, config.jwt_secret)
     }
 
+    /**
+     * Creates a new selfservice token for a given runner.
+     * @param runner Runner entity that the access token shall be created for.
+     * @param expiry_timestamp Timestamp for the token expiry. Will be set about 9999 years if none provided.
+     */
+    public static createSelfService(runner: Runner, expiry_timestamp?: number) {
+        if (!expiry_timestamp) { expiry_timestamp = Math.floor(Date.now() / 1000) + 36000 * 60 * 24 * 365 * 9999; }
+        return jsonwebtoken.sign({
+            id: runner.id,
+            exp: expiry_timestamp
+        }, config.jwt_secret)
+    }
+
     /**
      * Creates a new password reset token for a given user.
      * The token is valid for 15 minutes or 1 use - whatever comes first.

src/loaders/database.ts

@@ -1,6 +1,9 @@
 import { createConnection } from "typeorm";
 import { runSeeder } from 'typeorm-seeding';
-import { User } from '../models/entities/User';
+import { config } from '../config';
+import { ConfigFlag } from '../models/entities/ConfigFlags';
+import SeedPublicOrg from '../seeds/SeedPublicOrg';
+import SeedTestRunners from '../seeds/SeedTestRunners';
 import SeedUsers from '../seeds/SeedUsers';
 /**
  * Loader for the database that creates the database connection and initializes the database tabels.
@@ -9,8 +12,20 @@ import SeedUsers from '../seeds/SeedUsers';
 export default async () => {
     const connection = await createConnection();
     await connection.synchronize();
-    if (await connection.getRepository(User).count() === 0) {
+
+    //The data seeding part
+    if (!(await connection.getRepository(ConfigFlag).findOne({ option: "seeded:user", value: "true" }))) {
         await runSeeder(SeedUsers);
+        await connection.getRepository(ConfigFlag).save({ option: "seeded:user", value: "true" });
     }
+    if (!(await connection.getRepository(ConfigFlag).findOne({ option: "seeded:citizenorg", value: "true" }))) {
+        await runSeeder(SeedPublicOrg);
+        await connection.getRepository(ConfigFlag).save({ option: "seeded:citizenorg", value: "true" });
+    }
+    if (!(await connection.getRepository(ConfigFlag).findOne({ option: "seeded:testdata", value: "true" })) && config.seedTestData == true) {
+        await runSeeder(SeedTestRunners);
+        await connection.getRepository(ConfigFlag).save({ option: "seeded:testdata", value: "true" });
+    }
+
     return connection;
 };

src/mailer.ts

@@ -0,0 +1,102 @@
+import axios from 'axios';
+import { config } from './config';
+import { MailSendingError } from './errors/MailErrors';
+
+/**
+ * This class is responsible for all things mail sending.
+ * This uses axios to communicate with the mailer api (https://git.odit.services/lfk/mailer).
+ */
+export class Mailer {
+    public static base: string = config.mailer_url;
+    public static key: string = config.mailer_key;
+    public static testing: boolean = config.testing;
+
+    /**
+     * Function for sending a password reset mail.
+     * @param to_address The address the mail will be sent to. Should always get pulled from a user object.
+     * @param token The requested password reset token - will be combined with the app_url to generate a password reset link.
+     */
+    public static async sendResetMail(to_address: string, token: string, locale: string = "en") {
+        try {
+            await axios.request({
+                method: 'POST',
+                url: `${Mailer.base}/api/v1/email`,
+                headers: {
+                    authorization: `Bearer ${Mailer.key}`,
+                    'content-type': 'application/json'
+                },
+                data: {
+                    to: to_address,
+                    templateName: 'password-reset',
+                    language: locale,
+                    data: { token: token }
+                }
+            });
+        } catch (error) {
+            if (Mailer.testing) { return true; }
+            throw new MailSendingError();
+        }
+    }
+
+    /**
+     * Function for sending a runner selfservice welcome mail.
+     * @param to_address The address the mail will be sent to. Should always get pulled from a runner object.
+     * @param token The requested selfservice token - will be combined with the app_url to generate a selfservice profile link.
+    */
+    public static async sendSelfserviceWelcomeMail(to_address: string, runner_id: number, firstname: string, middlename: string, lastname: string, token: string, locale: string = "en") {
+        try {
+            await axios.request({
+                method: 'POST',
+                url: `${Mailer.base}/api/v1/email`,
+                headers: {
+                    authorization: `Bearer ${Mailer.key}`,
+                    'content-type': 'application/json'
+                },
+                data: {
+                    to: to_address,
+                    templateName: 'welcome',
+                    language: locale,
+                    data: {
+                        name: `${firstname} ${middlename} ${lastname}`,
+                        barcode_content: `${runner_id}`,
+                        link: `${process.env.SELFSERVICE_URL}/profile/${token}`
+                    }
+                }
+            });
+        } catch (error) {
+            if (Mailer.testing) { return true; }
+            throw new MailSendingError();
+        }
+    }
+
+    /**
+     * Function for sending a runner selfservice link forgotten mail.
+     * @param to_address The address the mail will be sent to. Should always get pulled from a runner object.
+     * @param token The requested selfservice token - will be combined with the app_url to generate a selfservice profile link.
+    */
+    public static async sendSelfserviceForgottenMail(to_address: string, runner_id: number, firstname: string, middlename: string, lastname: string, token: string, locale: string = "en") {
+        try {
+            await axios.request({
+                method: 'POST',
+                url: `${Mailer.base}/api/v1/email`,
+                headers: {
+                    authorization: `Bearer ${Mailer.key}`,
+                    'content-type': 'application/json'
+                },
+                data: {
+                    to: to_address,
+                    templateName: 'welcome',
+                    language: locale,
+                    data: {
+                        name: `${firstname} ${middlename} ${lastname}`,
+                        barcode_content: `${runner_id}`,
+                        link: `${process.env.SELFSERVICE_URL}/profile/${token}`
+                    }
+                }
+            });
+        } catch (error) {
+            if (Mailer.testing) { return true; }
+            throw new MailSendingError();
+        }
+    }
+}

src/middlewares/ScanAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { verify } from '@node-rs/argon2';
 import { Request, Response } from 'express';
 import { getConnectionManager } from 'typeorm';
 import { ScanStation } from '../models/entities/ScanStation';
@@ -15,14 +15,14 @@ import authchecker from './authchecker';
 const ScanAuth = async (req: Request, res: Response, next: () => void) => {
     let provided_token: string = req.headers["authorization"];
     if (provided_token == "" || provided_token === undefined || provided_token === null) {
-        res.status(401).send("No api token provided.");
+        res.status(401).send({ http_code: 401, short: "no_token", message: "No api token provided." });
         return;
     }
 
     try {
         provided_token = provided_token.replace("Bearer ", "");
     } catch (error) {
-        res.status(401).send("No valid jwt or api token provided.");
+        res.status(401).send({ http_code: 401, short: "no_token", message: "No valid jwt or api token provided." });
         return;
     }
 
@@ -32,7 +32,7 @@ const ScanAuth = async (req: Request, res: Response, next: () => void) => {
     }
     finally {
         if (prefix == "" || prefix == undefined || prefix == null) {
-            res.status(401).send("Api token non-existent or invalid syntax.");
+            res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
             return;
         }
     }
@@ -46,7 +46,7 @@ const ScanAuth = async (req: Request, res: Response, next: () => void) => {
         }
         finally {
             if (user_authorized == false) {
-                res.status(401).send("Api token non-existent or invalid syntax.");
+                res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
                 return;
             }
             else {
@@ -56,13 +56,13 @@ const ScanAuth = async (req: Request, res: Response, next: () => void) => {
     }
     else {
         if (station.enabled == false) {
-            res.status(401).send("Station disabled.");
+            res.status(401).send({ http_code: 401, short: "station_disabled", message: "Station is disabled." });
         }
-        if (!(await argon2.verify(station.key, provided_token))) {
-            res.status(401).send("Api token invalid.");
+        if (!(await verify(station.key, provided_token))) {
+            res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
             return;
         }
-
+        req.headers["station_id"] = station.id.toString();
         next();
     }
 }

src/middlewares/StatsAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { verify } from '@node-rs/argon2';
 import { Request, Response } from 'express';
 import { getConnectionManager } from 'typeorm';
 import { StatsClient } from '../models/entities/StatsClient';
@@ -42,7 +42,7 @@ const StatsAuth = async (req: Request, res: Response, next: () => void) => {
         let user_authorized = false;
         try {
             let action = { request: req, response: res, context: null, next: next }
-            user_authorized = await authchecker(action, ["RUNNER:GET", "TEAM:GET", "ORGANISATION:GET"]);
+            user_authorized = await authchecker(action, ["RUNNER:GET", "TEAM:GET", "ORGANIZATION:GET"]);
         }
         finally {
             if (user_authorized == false) {
@@ -55,7 +55,7 @@ const StatsAuth = async (req: Request, res: Response, next: () => void) => {
         }
     }
     else {
-        if (!(await argon2.verify(client.key, provided_token))) {
+        if (!(await verify(client.key, provided_token))) {
             res.status(401).send("Api token invalid.");
             return;
         }

src/models/actions/ImportRunner.ts

@@ -1,9 +1,9 @@
 import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { RunnerGroupNeededError } from '../../errors/RunnerErrors';
-import { RunnerOrganisationNotFoundError } from '../../errors/RunnerOrganisationErrors';
+import { RunnerOrganizationNotFoundError } from '../../errors/RunnerOrganizationErrors';
 import { RunnerGroup } from '../entities/RunnerGroup';
-import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { RunnerOrganization } from '../entities/RunnerOrganization';
 import { RunnerTeam } from '../entities/RunnerTeam';
 import { CreateRunner } from './create/CreateRunner';
 
@@ -78,9 +78,9 @@ export class ImportRunner {
         let team = await getConnectionManager().get().getRepository(RunnerTeam).findOne({ id: groupID });
         if (team) { return team; }
 
-        let org = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: groupID });
+        let org = await getConnectionManager().get().getRepository(RunnerOrganization).findOne({ id: groupID });
         if (!org) {
-            throw new RunnerOrganisationNotFoundError();
+            throw new RunnerOrganizationNotFoundError();
         }
         if (this.team === undefined) { return org; }
 

src/models/actions/ResetPassword.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
@@ -49,7 +49,7 @@ export class ResetPassword {
         if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }
 
         found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
-        found_user.password = await argon2.hash(this.password + found_user.uuid);
+        found_user.password = await hash(this.password + found_user.uuid);
         await getConnectionManager().get().getRepository(User).save(found_user);
 
         return "password reset successfull";

src/models/actions/create/CreateAnonymousDonation.ts

@@ -0,0 +1,29 @@
+import { IsInt, IsPositive } from 'class-validator';
+import { FixedDonation } from '../../entities/FixedDonation';
+import { CreateDonation } from './CreateDonation';
+
+/**
+ * This class is used to create a new FixedDonation entity from a json body (post request).
+ */
+export class CreateAnonymousDonation extends CreateDonation {
+
+    /**
+     * The donation's amount.
+     * The unit is your currency's smallest unit (default: euro cent).
+     */
+    @IsInt()
+    @IsPositive()
+    amount: number;
+
+    /**
+     * Creates a new FixedDonation entity from this.
+     */
+    public async toEntity(): Promise<FixedDonation> {
+        let newDonation = new FixedDonation;
+
+        newDonation.amount = this.amount;
+        newDonation.paidAmount = this.amount;
+
+        return newDonation;
+    }
+}

src/models/actions/create/CreateAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { verify } from '@node-rs/argon2';
 import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../../errors/AuthError';
@@ -56,16 +56,16 @@ export class CreateAuth {
             throw new UserNotFoundError();
         }
         if (found_user.enabled == false) { throw new UserDisabledError(); }
-        if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
+        if (!(await verify(found_user.password, this.password + found_user.uuid))) {
             throw new InvalidCredentialsError();
         }
 
         //Create the access token
-        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
+        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 24 * 60 * 60
         newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
         newAuth.access_token_expires_at = timestamp_accesstoken_expiry
         //Create the refresh token
-        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
+        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 7 * 24 * 60 * 60
         newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
         newAuth.refresh_token_expires_at = timestamp_refresh_expiry
         return newAuth;

src/models/actions/create/CreateDistanceDonation.ts

@@ -1,4 +1,4 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
 import { DistanceDonation } from '../../entities/DistanceDonation';
@@ -10,6 +10,21 @@ import { CreateDonation } from './CreateDonation';
  */
 export class CreateDistanceDonation extends CreateDonation {
 
+    /**
+     * The donation's associated donor's id.
+     * This is important to link donations to donors.
+     */
+    @IsInt()
+    @IsPositive()
+    donor: number;
+
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    @IsOptional()
+    paidAmount?: number;
+
     /**
      * The donation's associated runner's id.
      * This is important to link the runner's distance ran to the donation.
@@ -33,6 +48,7 @@ export class CreateDistanceDonation extends CreateDonation {
         let newDonation = new DistanceDonation;
 
         newDonation.amountPerDistance = this.amountPerDistance;
+        newDonation.paidAmount = this.paidAmount;
         newDonation.donor = await this.getDonor();
         newDonation.runner = await this.getRunner();
 

src/models/actions/create/CreateDonation.ts

@@ -1,6 +1,5 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional } from 'class-validator';
 import { getConnection } from 'typeorm';
-import { DonorNotFoundError } from '../../../errors/DonorErrors';
 import { Donation } from '../../entities/Donation';
 import { Donor } from '../../entities/Donor';
 
@@ -8,14 +7,14 @@ import { Donor } from '../../entities/Donor';
  * This class is used to create a new Donation entity from a json body (post request).
  */
 export abstract class CreateDonation {
-    /**
-     * The donation's associated donor's id.
-     * This is important to link donations to donors.
-     */
     @IsInt()
-    @IsPositive()
+    @IsOptional()
     donor: number;
 
+    @IsInt()
+    @IsOptional()
+    paidAmount?: number;
+
     /**
      * Creates a new Donation entity from this.
      */
@@ -26,9 +25,6 @@ export abstract class CreateDonation {
      */
     public async getDonor(): Promise<Donor> {
         const donor = await getConnection().getRepository(Donor).findOne({ id: this.donor });
-        if (!donor) {
-            throw new DonorNotFoundError();
-        }
         return donor;
     }
 }

src/models/actions/create/CreateFixedDonation.ts

@@ -6,6 +6,21 @@ import { CreateDonation } from './CreateDonation';
  * This class is used to create a new FixedDonation entity from a json body (post request).
  */
 export class CreateFixedDonation extends CreateDonation {
+
+    /**
+     * The donation's associated donor's id.
+     * This is important to link donations to donors.
+     */
+    @IsInt()
+    @IsPositive()
+    donor: number;
+
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    paidAmount?: number;
+
     /**
      * The donation's amount.
      * The unit is your currency's smallest unit (default: euro cent).
@@ -21,6 +36,7 @@ export class CreateFixedDonation extends CreateDonation {
         let newDonation = new FixedDonation;
 
         newDonation.amount = this.amount;
+        newDonation.paidAmount = this.paidAmount;
         newDonation.donor = await this.getDonor();
 
         return newDonation;

src/models/actions/create/CreateParticipant.ts

@@ -50,4 +50,11 @@ export abstract class CreateParticipant {
     @IsOptional()
     @IsObject()
     address?: Address;
+
+    /**
+     * how the participant got into the system
+     */
+    @IsOptional()
+    @IsString()
+    created_via?: string;
 }

src/models/actions/create/CreateResetToken.ts

@@ -1,39 +1,33 @@
-import { IsEmail, IsOptional, IsString } from 'class-validator';
+import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { ResetAlreadyRequestedError, UserDisabledError, UserNotFoundError } from '../../../errors/AuthError';
-import { UsernameOrEmailNeededError } from '../../../errors/UserErrors';
+import { UserEmailNeededError } from '../../../errors/UserErrors';
 import { JwtCreator } from '../../../jwtcreator';
 import { User } from '../../entities/User';
 
 /**
- * This calss is used to create password reset tokens for users.
+ * This class is used to create password reset tokens for users.
  * These password reset token can be used to set a new password for the user for the next 15mins.
  */
 export class CreateResetToken {
-    /**
-     * The username of the user that wants to reset their password.
-     */
-    @IsOptional()
-    @IsString()
-    username?: string;
 
     /**
      * The email address of the user that wants to reset their password.
      */
-    @IsOptional()
+    @IsNotEmpty()
     @IsEmail()
     @IsString()
-    email?: string;
+    email: string;
 
 
     /**
      * Create a password reset token based on this.
      */
-    public async toResetToken(): Promise<any> {
-        if (this.email === undefined && this.username === undefined) {
-            throw new UsernameOrEmailNeededError();
+    public async toResetToken(): Promise<string> {
+        if (!this.email) {
+            throw new UserEmailNeededError();
         }
-        let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ username: this.username }, { email: this.email }] });
+        let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ email: this.email }] });
         if (!found_user) { throw new UserNotFoundError(); }
         if (found_user.enabled == false) { throw new UserDisabledError(); }
         if (found_user.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 15 * 60)) { throw new ResetAlreadyRequestedError(); }
@@ -43,7 +37,7 @@ export class CreateResetToken {
         await getConnectionManager().get().getRepository(User).save(found_user);
 
         //Create the reset token
-        let reset_token = JwtCreator.createReset(found_user);
+        let reset_token: string = JwtCreator.createReset(found_user);
 
         return reset_token;
     }

src/models/actions/create/CreateRunner.ts

@@ -1,7 +1,7 @@
 import { IsInt } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { RunnerGroupNotFoundError } from '../../../errors/RunnerGroupErrors';
-import { RunnerOrganisationWrongTypeError } from '../../../errors/RunnerOrganisationErrors';
+import { RunnerOrganizationWrongTypeError } from '../../../errors/RunnerOrganizationErrors';
 import { RunnerTeamNeedsParentError } from '../../../errors/RunnerTeamErrors';
 import { Address } from '../../entities/Address';
 import { Runner } from '../../entities/Runner';
@@ -32,6 +32,9 @@ export class CreateRunner extends CreateParticipant {
         newRunner.email = this.email;
         newRunner.group = await this.getGroup();
         newRunner.address = this.address;
+        if (this.created_via) {
+            newRunner.created_via = this.created_via;
+        }
         Address.validate(newRunner.address);
 
         return newRunner;
@@ -50,6 +53,6 @@ export class CreateRunner extends CreateParticipant {
             return group;
         }
 
-        throw new RunnerOrganisationWrongTypeError;
+        throw new RunnerOrganizationWrongTypeError;
     }
 }

src/models/actions/create/CreateRunnerOrganisation.ts

@@ -1,30 +0,0 @@
-import { IsObject, IsOptional } from 'class-validator';
-import { Address } from '../../entities/Address';
-import { RunnerOrganisation } from '../../entities/RunnerOrganisation';
-import { CreateRunnerGroup } from './CreateRunnerGroup';
-
-/**
- * This classed is used to create a new RunnerOrganisation entity from a json body (post request).
- */
-export class CreateRunnerOrganisation extends CreateRunnerGroup {
-    /**
-     * The new organisation's address.
-     */
-    @IsOptional()
-    @IsObject()
-    address?: Address;
-
-    /**
-     * Creates a new RunnerOrganisation entity from this.
-     */
-    public async toEntity(): Promise<RunnerOrganisation> {
-        let newRunnerOrganisation: RunnerOrganisation = new RunnerOrganisation();
-
-        newRunnerOrganisation.name = this.name;
-        newRunnerOrganisation.contact = await this.getContact();
-        newRunnerOrganisation.address = this.address;
-        Address.validate(newRunnerOrganisation.address);
-
-        return newRunnerOrganisation;
-    }
-}

src/models/actions/create/CreateRunnerOrganization.ts

@@ -0,0 +1,43 @@
+import { IsBoolean, IsObject, IsOptional } from 'class-validator';
+import * as uuid from 'uuid';
+import { Address } from '../../entities/Address';
+import { RunnerOrganization } from '../../entities/RunnerOrganization';
+import { CreateRunnerGroup } from './CreateRunnerGroup';
+
+
+/**
+ * This classed is used to create a new RunnerOrganization entity from a json body (post request).
+ */
+export class CreateRunnerOrganization extends CreateRunnerGroup {
+    /**
+     * The new organization's address.
+     */
+    @IsOptional()
+    @IsObject()
+    address?: Address;
+
+    /**
+     * Is registration enabled for the new organization?
+     */
+    @IsOptional()
+    @IsBoolean()
+    registrationEnabled?: boolean = false;
+
+    /**
+     * Creates a new RunnerOrganization entity from this.
+     */
+    public async toEntity(): Promise<RunnerOrganization> {
+        let newRunnerOrganization: RunnerOrganization = new RunnerOrganization();
+
+        newRunnerOrganization.name = this.name;
+        newRunnerOrganization.contact = await this.getContact();
+        newRunnerOrganization.address = this.address;
+        Address.validate(newRunnerOrganization.address);
+
+        if (this.registrationEnabled) {
+            newRunnerOrganization.key = uuid.v4().toUpperCase();
+        }
+
+        return newRunnerOrganization;
+    }
+}

src/models/actions/create/CreateRunnerTeam.ts

@@ -1,8 +1,8 @@
 import { IsInt, IsNotEmpty } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
-import { RunnerOrganisationNotFoundError } from '../../../errors/RunnerOrganisationErrors';
+import { RunnerOrganizationNotFoundError } from '../../../errors/RunnerOrganizationErrors';
 import { RunnerTeamNeedsParentError } from '../../../errors/RunnerTeamErrors';
-import { RunnerOrganisation } from '../../entities/RunnerOrganisation';
+import { RunnerOrganization } from '../../entities/RunnerOrganization';
 import { RunnerTeam } from '../../entities/RunnerTeam';
 import { CreateRunnerGroup } from './CreateRunnerGroup';
 
@@ -21,12 +21,12 @@ export class CreateRunnerTeam extends CreateRunnerGroup {
     /**
      * Gets the new team's parent org based on it's id.
      */
-    public async getParent(): Promise<RunnerOrganisation> {
+    public async getParent(): Promise<RunnerOrganization> {
         if (this.parentGroup === undefined || this.parentGroup === null) {
             throw new RunnerTeamNeedsParentError();
         }
-        let parentGroup = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: this.parentGroup });
-        if (!parentGroup) { throw new RunnerOrganisationNotFoundError();; }
+        let parentGroup = await getConnectionManager().get().getRepository(RunnerOrganization).findOne({ id: this.parentGroup });
+        if (!parentGroup) { throw new RunnerOrganizationNotFoundError();; }
         return parentGroup;
     }
 

src/models/actions/create/CreateScanStation.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { IsBoolean, IsInt, IsOptional, IsPositive, IsString } from 'class-validator';
 import crypto from 'crypto';
 import { getConnection } from 'typeorm';
@@ -44,7 +44,7 @@ export class CreateScanStation {
 
         let newUUID = uuid.v4().toUpperCase();
         newStation.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
-        newStation.key = await argon2.hash(newStation.prefix + "." + newUUID);
+        newStation.key = await hash(newStation.prefix + "." + newUUID);
         newStation.cleartextkey = newStation.prefix + "." + newUUID;
 
         return newStation;

src/models/actions/create/CreateSelfServiceCitizenRunner.ts

@@ -0,0 +1,53 @@
+import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
+import { getConnection } from 'typeorm';
+import { RunnerEmailNeededError } from '../../../errors/RunnerErrors';
+import { Address } from '../../entities/Address';
+import { Runner } from '../../entities/Runner';
+import { RunnerOrganization } from '../../entities/RunnerOrganization';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This classed is used to create a new Runner entity from a json body (post request).
+ */
+export class CreateSelfServiceCitizenRunner extends CreateParticipant {
+
+    /**
+     * The new runners's e-mail address.
+     * Must be provided for email-verification to work.
+     */
+    @IsString()
+    @IsNotEmpty()
+    @IsEmail()
+    email: string;
+
+    /**
+     * Creates a new Runner entity from this.
+     */
+    public async toEntity(): Promise<Runner> {
+        let newRunner: Runner = new Runner();
+
+        newRunner.created_via = "selfservice";
+        newRunner.firstname = this.firstname;
+        newRunner.middlename = this.middlename;
+        newRunner.lastname = this.lastname;
+        newRunner.phone = this.phone;
+        newRunner.email = this.email;
+
+        if (!newRunner.email) {
+            throw new RunnerEmailNeededError();
+        }
+
+        newRunner.group = await this.getGroup();
+        newRunner.address = this.address;
+        Address.validate(newRunner.address);
+
+        return newRunner;
+    }
+
+    /**
+     * Gets the new runner's group by it's id.
+     */
+    public async getGroup(): Promise<RunnerOrganization> {
+        return await getConnection().getRepository(RunnerOrganization).findOne({ id: 1 });
+    }
+}

src/models/actions/create/CreateSelfServiceRunner.ts

@@ -0,0 +1,56 @@
+import { IsInt, IsOptional } from 'class-validator';
+import { getConnection } from 'typeorm';
+import { RunnerTeamNotFoundError } from '../../../errors/RunnerTeamErrors';
+import { Address } from '../../entities/Address';
+import { Runner } from '../../entities/Runner';
+import { RunnerGroup } from '../../entities/RunnerGroup';
+import { RunnerTeam } from '../../entities/RunnerTeam';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This classed is used to create a new Runner entity from a json body (post request).
+ */
+export class CreateSelfServiceRunner extends CreateParticipant {
+
+    /**
+     * The new runner's team's id.
+     * The team has to be a part of the runner's org.
+     * The team property may get ignored.
+     * If no team get's provided the runner's group will be their org.
+     */
+    @IsInt()
+    @IsOptional()
+    team?: number;
+
+    /**
+     * Creates a new Runner entity from this.
+     */
+    public async toEntity(group: RunnerGroup): Promise<Runner> {
+        let newRunner: Runner = new Runner();
+
+        newRunner.created_via = "selfservice";
+        newRunner.firstname = this.firstname;
+        newRunner.middlename = this.middlename;
+        newRunner.lastname = this.lastname;
+        newRunner.phone = this.phone;
+        newRunner.email = this.email;
+        newRunner.group = await this.getGroup(group);
+        newRunner.address = this.address;
+        Address.validate(newRunner.address);
+
+        return newRunner;
+    }
+
+    /**
+     * Gets the new runner's group by it's id.
+     */
+    public async getGroup(group: RunnerGroup): Promise<RunnerGroup> {
+        if (!this.team) {
+            return group;
+        }
+        const team = await getConnection().getRepository(RunnerTeam).findOne({ id: this.team }, { relations: ["parentGroup"] });
+        if (!team) { throw new RunnerTeamNotFoundError(); }
+        if (team.parentGroup.id != group.id) { throw new RunnerTeamNotFoundError(); }
+        return team;
+    }
+}

src/models/actions/create/CreateStatsClient.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
 import { IsOptional, IsString } from 'class-validator';
 import crypto from 'crypto';
 import * as uuid from 'uuid';
@@ -25,7 +25,7 @@ export class CreateStatsClient {
 
         let newUUID = uuid.v4().toUpperCase();
         newClient.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
-        newClient.key = await argon2.hash(newClient.prefix + "." + newUUID);
+        newClient.key = await hash(newClient.prefix + "." + newUUID);
         newClient.cleartextkey = newClient.prefix + "." + newUUID;
 
         return newClient;

src/models/actions/create/CreateTrackScan.ts

@@ -1,4 +1,5 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
+import { BadRequestError } from 'routing-controllers';
 import { getConnection } from 'typeorm';
 import { RunnerCardNotFoundError } from '../../../errors/RunnerCardErrors';
 import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
@@ -22,10 +23,12 @@ export class CreateTrackScan {
     /**
      * The scanning station's id that created the scan.
      * Mainly used for logging and traceing back scans (or errors).
+     * You don't have to provide the station if you're authenticateing via a scanstation token (The server takes care of it for you).
      */
     @IsInt()
     @IsPositive()
-    station: number;
+    @IsOptional()
+    station?: number;
 
     /**
      * Creates a new Track entity from this.
@@ -44,20 +47,32 @@ export class CreateTrackScan {
         }
 
         newScan.timestamp = Math.round(new Date().getTime() / 1000);
-        newScan.valid = await this.validateScan(newScan);
+        newScan = await this.validateScan(newScan);
 
         return newScan;
     }
 
+    /**
+     * Get's a runnerCard entity via the provided id.
+     * @returns The runnerCard whom's id you provided.
+     */
     public async getCard(): Promise<RunnerCard> {
-        const track = await getConnection().getRepository(RunnerCard).findOne({ id: this.card }, { relations: ["runner"] });
-        if (!track) {
+        const id = this.card % 200000000000;
+        const runnerCard = await getConnection().getRepository(RunnerCard).findOne({ id: id }, { relations: ["runner"] });
+        if (!runnerCard) {
             throw new RunnerCardNotFoundError();
         }
-        return track;
+        return runnerCard;
     }
 
+    /**
+     * Get's a scanstation entity via the provided id.
+     * @returns The scanstation whom's id you provided.
+     */
     public async getStation(): Promise<ScanStation> {
+        if (!this.station) {
+            throw new BadRequestError("You are missing the station's id!")
+        }
         const station = await getConnection().getRepository(ScanStation).findOne({ id: this.station }, { relations: ["track"] });
         if (!station) {
             throw new ScanStationNotFoundError();
@@ -65,15 +80,21 @@ export class CreateTrackScan {
         return station;
     }
 
-    public async validateScan(scan: TrackScan): Promise<boolean> {
-        const scans = await getConnection().getRepository(TrackScan).find({ where: { runner: scan.runner, valid: true }, relations: ["track"] });
-        if (scans.length == 0) { return true; }
-
-        const newestScan = scans[scans.length - 1];
-        if ((scan.timestamp - newestScan.timestamp) > scan.track.minimumLapTime) {
-            return true;
+    /**
+     * Validates the scan and sets it's lap time;
+     * @param scan The scan you want to validate
+     * @returns The validated scan with it's laptime set.
+     */
+    public async validateScan(scan: TrackScan): Promise<TrackScan> {
+        const latestScan = await getConnection().getRepository(TrackScan).findOne({ where: { runner: scan.runner, valid: true }, relations: ["track"], order: { id: 'DESC' } });
+        if (!latestScan) {
+            scan.lapTime = 0;
+            scan.valid = true;
         }
-
-        return false;
+        else {
+            scan.lapTime = scan.timestamp - latestScan.timestamp;
+            scan.valid = (scan.lapTime > scan.track.minimumLapTime);
+        }
+        return scan;
     }
 }

src/models/actions/create/CreateUser.ts

@@ -1,9 +1,10 @@
-import * as argon2 from "argon2";
+import { hash } from "@node-rs/argon2";
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@@ -94,7 +95,13 @@ export class CreateUser {
         if (!this.email) {
             throw new UserEmailNeededError();
         }
-        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+        if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+
+        let password_strength = passwordStrength(this.password);
+        if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+        if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+        if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+        if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
 
         newUser.email = this.email
         newUser.username = this.username
@@ -103,11 +110,11 @@ export class CreateUser {
         newUser.lastname = this.lastname
         newUser.uuid = uuid.v4()
         newUser.phone = this.phone
-        newUser.password = await argon2.hash(this.password + newUser.uuid);
+        newUser.password = await hash(this.password + newUser.uuid);
         newUser.groups = await this.getGroups();
         newUser.enabled = this.enabled;
 
-        if (!this.profilePic) { newUser.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        if (!this.profilePic) { newUser.profilePic = `https://lauf-fuer-kaya.de/lfk-logo.png`; }
         else { newUser.profilePic = this.profilePic; }
 
         return newUser;

src/models/actions/update/UpdateDistanceDonation.ts

@@ -32,6 +32,7 @@ export class UpdateDistanceDonation extends UpdateDonation {
      */
     public async update(donation: DistanceDonation): Promise<DistanceDonation> {
         donation.amountPerDistance = this.amountPerDistance;
+        donation.paidAmount = this.paidAmount;
         donation.donor = await this.getDonor();
         donation.runner = await this.getRunner();
 

src/models/actions/update/UpdateDonation.ts

@@ -1,4 +1,4 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { DonorNotFoundError } from '../../../errors/DonorErrors';
 import { Donation } from '../../entities/Donation';
@@ -23,6 +23,13 @@ export abstract class UpdateDonation {
     @IsPositive()
     donor: number;
 
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    @IsOptional()
+    paidAmount?: number;
+
     /**
      * Creates a new Donation entity from this.
      */

src/models/actions/update/UpdateFixedDonation.ts

@@ -20,6 +20,7 @@ export class UpdateFixedDonation extends UpdateDonation {
      */
     public async update(donation: FixedDonation): Promise<FixedDonation> {
         donation.amount = this.amount;
+        donation.paidAmount = this.paidAmount;
         donation.donor = await this.getDonor();
 
         return donation;

src/models/actions/update/UpdateRunnerCardByCode.ts

@@ -0,0 +1,50 @@
+import { IsBoolean, IsInt, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { getConnection } from 'typeorm';
+import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
+import { Runner } from '../../entities/Runner';
+import { RunnerCard } from '../../entities/RunnerCard';
+
+/**
+ * This class is used to update a RunnerCard entity (via put request).
+ */
+export class UpdateRunnerCardByCode {
+    /**
+     * The card's code.
+     */
+    @IsString()
+    @IsNotEmpty()
+    code?: string;
+
+    /**
+     * The runner's id.
+     */
+    @IsInt()
+    @IsOptional()
+    runner?: number;
+
+    /**
+     * Is the updated card enabled (for fraud reasons)?
+     * Default: true
+     */
+    @IsBoolean()
+    enabled: boolean = true;
+
+    /**
+     * Creates a new RunnerCard entity from this.
+     */
+    public async update(card: RunnerCard): Promise<RunnerCard> {
+        card.enabled = this.enabled;
+        card.runner = await this.getRunner();
+
+        return card;
+    }
+
+    public async getRunner(): Promise<Runner> {
+        if (!this.runner) { return null; }
+        const runner = await getConnection().getRepository(Runner).findOne({ id: this.runner });
+        if (!runner) {
+            throw new RunnerNotFoundError();
+        }
+        return runner;
+    }
+}

src/models/actions/update/UpdateRunnerOrganisation.ts

@@ -1,38 +0,0 @@
-import { IsInt, IsObject, IsOptional } from 'class-validator';
-import { Address } from '../../entities/Address';
-import { RunnerOrganisation } from '../../entities/RunnerOrganisation';
-import { CreateRunnerGroup } from '../create/CreateRunnerGroup';
-
-/**
- * This class is used to update a RunnerOrganisation entity (via put request).
- */
-export class UpdateRunnerOrganisation extends CreateRunnerGroup {
-
-    /**
-     * The updated orgs's id.
-     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
-     */
-    @IsInt()
-    id: number;
-
-    /**
-     * The updated organisation's address.
-     */
-    @IsOptional()
-    @IsObject()
-    address?: Address;
-
-    /**
-     * Updates a provided RunnerOrganisation entity based on this.
-     */
-    public async update(organisation: RunnerOrganisation): Promise<RunnerOrganisation> {
-
-        organisation.name = this.name;
-        organisation.contact = await this.getContact();
-        if (!this.address) { organisation.address.reset(); }
-        else { organisation.address = this.address; }
-        Address.validate(organisation.address);
-
-        return organisation;
-    }
-}

src/models/actions/update/UpdateRunnerOrganization.ts

@@ -0,0 +1,53 @@
+import { IsBoolean, IsInt, IsObject, IsOptional } from 'class-validator';
+import * as uuid from 'uuid';
+import { Address } from '../../entities/Address';
+import { RunnerOrganization } from '../../entities/RunnerOrganization';
+import { CreateRunnerGroup } from '../create/CreateRunnerGroup';
+
+/**
+ * This class is used to update a RunnerOrganization entity (via put request).
+ */
+export class UpdateRunnerOrganization extends CreateRunnerGroup {
+
+    /**
+     * The updated orgs's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The updated organization's address.
+     */
+    @IsOptional()
+    @IsObject()
+    address?: Address;
+
+    /**
+     * Is registration enabled for the updated organization?
+     */
+    @IsOptional()
+    @IsBoolean()
+    registrationEnabled?: boolean = false;
+
+    /**
+     * Updates a provided RunnerOrganization entity based on this.
+     */
+    public async update(organization: RunnerOrganization): Promise<RunnerOrganization> {
+
+        organization.name = this.name;
+        organization.contact = await this.getContact();
+        if (!this.address) { organization.address.reset(); }
+        else { organization.address = this.address; }
+        Address.validate(organization.address);
+
+        if (this.registrationEnabled && !organization.key) {
+            organization.key = uuid.v4().toUpperCase();
+        }
+        else {
+            organization.key = null;
+        }
+
+        return organization;
+    }
+}

src/models/actions/update/UpdateRunnerTeam.ts

@@ -1,8 +1,8 @@
 import { IsInt, IsPositive } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
-import { RunnerOrganisationNotFoundError } from '../../../errors/RunnerOrganisationErrors';
+import { RunnerOrganizationNotFoundError } from '../../../errors/RunnerOrganizationErrors';
 import { RunnerTeamNeedsParentError } from '../../../errors/RunnerTeamErrors';
-import { RunnerOrganisation } from '../../entities/RunnerOrganisation';
+import { RunnerOrganization } from '../../entities/RunnerOrganization';
 import { RunnerTeam } from '../../entities/RunnerTeam';
 import { CreateRunnerGroup } from '../create/CreateRunnerGroup';
 
@@ -28,12 +28,12 @@ export class UpdateRunnerTeam extends CreateRunnerGroup {
     /**
      * Loads the updated teams's parentGroup based on it's id.
      */
-    public async getParent(): Promise<RunnerOrganisation> {
+    public async getParent(): Promise<RunnerOrganization> {
         if (this.parentGroup === undefined || this.parentGroup === null) {
             throw new RunnerTeamNeedsParentError();
         }
-        let parentGroup = await getConnectionManager().get().getRepository(RunnerOrganisation).findOne({ id: this.parentGroup });
-        if (!parentGroup) { throw new RunnerOrganisationNotFoundError();; }
+        let parentGroup = await getConnectionManager().get().getRepository(RunnerOrganization).findOne({ id: this.parentGroup });
+        if (!parentGroup) { throw new RunnerOrganizationNotFoundError();; }
         return parentGroup;
     }
 

src/models/actions/update/UpdateTrackScan.ts

@@ -1,9 +1,9 @@
 import { IsBoolean, IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
-import { ScanStationNotFoundError } from '../../../errors/ScanStationErrors';
+import { TrackNotFoundError } from '../../../errors/TrackErrors';
 import { Runner } from '../../entities/Runner';
-import { ScanStation } from '../../entities/ScanStation';
+import { Track } from '../../entities/Track';
 import { TrackScan } from '../../entities/TrackScan';
 
 /**
@@ -38,7 +38,7 @@ export abstract class UpdateTrackScan {
      */
     @IsInt()
     @IsPositive()
-    public station: number;
+    public track: number;
 
     /**
      * Update a TrackScan entity based on this.
@@ -47,8 +47,7 @@ export abstract class UpdateTrackScan {
     public async update(scan: TrackScan): Promise<TrackScan> {
         scan.valid = this.valid;
         scan.runner = await this.getRunner();
-        scan.station = await this.getStation();
-        scan.track = scan.station.track;
+        scan.track = await this.getTrack();
 
         return scan;
     }
@@ -67,11 +66,11 @@ export abstract class UpdateTrackScan {
     /**
      * Gets a runner based on the runner id provided via this.runner.
      */
-    public async getStation(): Promise<ScanStation> {
-        const station = await getConnection().getRepository(ScanStation).findOne({ id: this.station }, { relations: ['track'] });
-        if (!station) {
-            throw new ScanStationNotFoundError();
+    public async getTrack(): Promise<Track> {
+        const track = await getConnection().getRepository(Track).findOne({ id: this.track });
+        if (!track) {
+            throw new TrackNotFoundError();
         }
-        return station;
+        return track;
     }
 }

src/models/actions/update/UpdateUser.ts

@@ -1,12 +1,14 @@
-import * as argon2 from "argon2";
+import { hash } from '@node-rs/argon2';
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
 
+
 /**
  * This class is used to update a User entity (via put request).
  */
@@ -104,7 +106,12 @@ export class UpdateUser {
         if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
 
         if (this.password) {
-            user.password = await argon2.hash(this.password + user.uuid);
+            let password_strength = passwordStrength(this.password);
+            if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+            if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+            if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+            if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
+            user.password = await hash(this.password + user.uuid);
             user.refreshTokenCount = user.refreshTokenCount + 1;
         }
 
@@ -117,7 +124,7 @@ export class UpdateUser {
         user.phone = this.phone;
         user.groups = await this.getGroups();
 
-        if (!this.profilePic) { user.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        if (!this.profilePic) { user.profilePic = `https://lauf-fuer-kaya.de/lfk-logo.png`; }
         else { user.profilePic = this.profilePic; }
 
         return user;

src/models/entities/ConfigFlags.ts

@@ -0,0 +1,27 @@
+import {
+    IsNotEmpty,
+    IsString
+} from "class-validator";
+import { Column, Entity, PrimaryColumn } from "typeorm";
+
+/**
+ * Defines the ConfigFlag entity.
+ * This entity can be used to set some flags on db init.
+*/
+@Entity()
+export class ConfigFlag {
+    /**
+     * The flag's name (primary).
+     */
+    @PrimaryColumn()
+    @IsString()
+    option: string;
+
+    /**
+     * The flag's value.
+     */
+    @Column()
+    @IsString()
+    @IsNotEmpty()
+    value: string;
+}

src/models/entities/Donation.ts

@@ -1,8 +1,7 @@
 import {
-  IsInt,
-  IsNotEmpty
+  IsInt
 } from "class-validator";
-import { Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { ResponseDonation } from '../responses/ResponseDonation';
 import { Donor } from './Donor';
 
@@ -24,7 +23,6 @@ export abstract class Donation {
   /**
    * The donations's donor.
    */
-  @IsNotEmpty()
   @ManyToOne(() => Donor, donor => donor.donations)
   donor: Donor;
 
@@ -34,6 +32,13 @@ export abstract class Donation {
    */
   public abstract get amount(): number;
 
+  /**
+   * The donation's paid amount in cents (or whatever your currency's smallest unit is.).
+   * Used to mark donations as paid.
+   */
+  @Column({ nullable: true })
+  @IsInt()
+  paidAmount: number;
 
   /**
    * Turns this entity into it's response class.

src/models/entities/Donor.ts

@@ -33,6 +33,15 @@ export class Donor extends Participant {
     return this.donations.reduce((sum, current) => sum + current.amount, 0);
   }
 
+  /**
+   * Returns the total paid donations of a donor based on his linked donations.
+  */
+  @IsInt()
+  public get paidDonationAmount(): number {
+    if (!this.donations) { return 0; }
+    return this.donations.reduce((sum, current) => sum + current.paidAmount, 0);
+  }
+
   /**
    * Turns this entity into it's response class.
    */

src/models/entities/Participant.ts

@@ -75,6 +75,14 @@ export abstract class Participant {
   @IsEmail()
   email?: string;
 
+  /**
+   * how the participant got into the system
+   */
+  @Column({ nullable: true, default: "backend" })
+  @IsOptional()
+  @IsString()
+  created_via?: string;
+
   /**
    * Turns this entity into it's response class.
    */

src/models/entities/Runner.ts

@@ -1,5 +1,5 @@
-import { IsInt, IsNotEmpty } from "class-validator";
-import { ChildEntity, ManyToOne, OneToMany } from "typeorm";
+import { IsInt, IsNotEmpty, IsOptional, IsString } from "class-validator";
+import { ChildEntity, Column, ManyToOne, OneToMany } from "typeorm";
 import { ResponseRunner } from '../responses/ResponseRunner';
 import { DistanceDonation } from "./DistanceDonation";
 import { Participant } from "./Participant";
@@ -16,7 +16,7 @@ import { Scan } from "./Scan";
 export class Runner extends Participant {
   /**
    * The runner's associated group.
-   * Can be a runner team or organisation.
+   * Can be a runner team or organization.
    */
   @IsNotEmpty()
   @ManyToOne(() => RunnerGroup, group => group.runners)
@@ -43,12 +43,24 @@ export class Runner extends Participant {
   @OneToMany(() => Scan, scan => scan.runner, { nullable: true })
   scans: Scan[];
 
+  /**
+  * The last time the runner requested a selfservice link.
+  * Used to prevent spamming of the selfservice link forgotten route.
+  */
+  @Column({ nullable: true, unique: false })
+  @IsString()
+  @IsOptional()
+  resetRequestedTimestamp?: number;
+
   /**
    * Returns all valid scans associated with this runner.
    * This is implemented here to avoid duplicate code in other files.
    */
   public get validScans(): Scan[] {
-    return this.scans.filter(scan => scan.valid == true);
+    if (this.scans) {
+      return this.scans.filter(scan => scan.valid == true);
+    }
+    return []
   }
 
   /**
@@ -65,13 +77,13 @@ export class Runner extends Participant {
   */
   @IsInt()
   public get distanceDonationAmount(): number {
-    return this.distanceDonations.reduce((sum, current) => sum + current.amountPerDistance, 0) * this.distance;
+    return this.distanceDonations.reduce((sum, current) => sum + current.amount, 0);
   }
 
   /**
    * Turns this entity into it's response class.
    */
   public toResponse(): ResponseRunner {
-    return new ResponseRunner(this);
+    return new ResponseRunner(this, true);
   }
 }

src/models/entities/RunnerCard.ts

@@ -52,13 +52,7 @@ export class RunnerCard {
    * Generates a ean-13 compliant string for barcode generation.
    */
   public get code(): string {
-    const multiply = [1, 3];
-    let total = 0;
-    this.paddedId.split('').forEach((letter, index) => {
-      total += parseInt(letter, 10) * multiply[index % 2];
-    });
-    const checkSum = (Math.ceil(total / 10) * 10) - total;
-    return this.paddedId + checkSum.toString();
+    return this.paddedId
   }
 
   /**
@@ -67,10 +61,11 @@ export class RunnerCard {
   private get paddedId(): string {
     let id: string = this.id.toString();
 
-    if (id.length > 12) {
+    if (id.length > 11) {
       throw new RunnerCardIdOutOfRangeError();
     }
-    while (id.length < 12) { id = '0' + id; }
+    while (id.length < 11) { id = '0' + id; }
+    id = '2' + id;
 
     return id;
   }

src/models/entities/RunnerGroup.ts

@@ -51,6 +51,9 @@ export abstract class RunnerGroup {
   */
   @IsInt()
   public get distance(): number {
+    if (!this.runners || this.runners.length == 0) {
+      return 0;
+    }
     return this.runners.reduce((sum, current) => sum + current.distance, 0);
   }
 

src/models/entities/RunnerOrganization.ts

@@ -1,34 +1,44 @@
-import { IsInt, IsOptional } from "class-validator";
+import { IsInt, IsOptional, IsString } from "class-validator";
 import { ChildEntity, Column, OneToMany } from "typeorm";
-import { ResponseRunnerOrganisation } from '../responses/ResponseRunnerOrganisation';
+import { ResponseRunnerOrganization } from '../responses/ResponseRunnerOrganization';
 import { Address } from './Address';
 import { Runner } from './Runner';
 import { RunnerGroup } from "./RunnerGroup";
 import { RunnerTeam } from "./RunnerTeam";
 
 /**
- * Defines the RunnerOrganisation entity.
+ * Defines the RunnerOrganization entity.
  * This usually is a school, club or company.
 */
 @ChildEntity()
-export class RunnerOrganisation extends RunnerGroup {
+export class RunnerOrganization extends RunnerGroup {
 
   /**
-   * The organisations's address.
+   * The organizations's address.
    */
   @IsOptional()
   @Column(type => Address)
   address?: Address;
 
   /**
-   * The organisation's teams.
-   * Used to link teams to a organisation.
+   * The organization's teams.
+   * Used to link teams to a organization.
    */
   @OneToMany(() => RunnerTeam, team => team.parentGroup, { nullable: true })
   teams: RunnerTeam[];
 
   /**
-   * Returns all runners associated with this organisation (directly or indirectly via teams).
+   * The organization's api key for self-service registration.
+   * The api key can be used for the /runners/register/:token endpoint.
+   * Is has to be base64 encoded if used via the api (to keep url-safety).
+   */
+  @Column({ nullable: true, unique: true })
+  @IsString()
+  @IsOptional()
+  key?: string;
+
+  /**
+   * Returns all runners associated with this organization (directly or indirectly via teams).
    */
   public get allRunners(): Runner[] {
     let returnRunners: Runner[] = new Array<Runner>();
@@ -58,7 +68,7 @@ export class RunnerOrganisation extends RunnerGroup {
   /**
    * Turns this entity into it's response class.
    */
-  public toResponse(): ResponseRunnerOrganisation {
-    return new ResponseRunnerOrganisation(this);
+  public toResponse(): ResponseRunnerOrganization {
+    return new ResponseRunnerOrganization(this);
   }
 }

src/models/entities/RunnerTeam.ts

@@ -2,7 +2,7 @@ import { IsNotEmpty } from "class-validator";
 import { ChildEntity, ManyToOne } from "typeorm";
 import { ResponseRunnerTeam } from '../responses/ResponseRunnerTeam';
 import { RunnerGroup } from "./RunnerGroup";
-import { RunnerOrganisation } from "./RunnerOrganisation";
+import { RunnerOrganization } from "./RunnerOrganization";
 
 /**
  * Defines the RunnerTeam entity.
@@ -13,11 +13,11 @@ export class RunnerTeam extends RunnerGroup {
 
   /**
    * The team's parent group.
-   * Every team has to be part of a runnerOrganisation - this get's checked on creation and update.
+   * Every team has to be part of a runnerOrganization - this get's checked on creation and update.
    */
   @IsNotEmpty()
-  @ManyToOne(() => RunnerOrganisation, org => org.teams, { nullable: true })
-  parentGroup?: RunnerOrganisation;
+  @ManyToOne(() => RunnerOrganization, org => org.teams, { nullable: true })
+  parentGroup?: RunnerOrganization;
 
   /**
    * Turns this entity into it's response class.

src/models/entities/TrackScan.ts

@@ -2,6 +2,8 @@ import {
   IsInt,
   IsNotEmpty,
 
+  IsNumber,
+
   IsPositive
 } from "class-validator";
 import { ChildEntity, Column, ManyToOne } from "typeorm";
@@ -59,6 +61,14 @@ export class TrackScan extends Scan {
   @IsInt()
   timestamp: number;
 
+  /**
+   * The scan's lap time.
+   * This simply get's calculated from the last lap time;
+   */
+  @Column()
+  @IsNumber()
+  lapTime: number;
+
   /**
    * Turns this entity into it's response class.
    */

src/models/entities/UserGroup.ts

@@ -4,7 +4,6 @@ import {
   IsString
 } from "class-validator";
 import { ChildEntity, Column } from "typeorm";
-import { ResponsePrincipal } from '../responses/ResponsePrincipal';
 import { ResponseUserGroup } from '../responses/ResponseUserGroup';
 import { Principal } from './Principal';
 
@@ -34,7 +33,7 @@ export class UserGroup extends Principal {
   /**
    * Turns this entity into it's response class.
    */
-  public toResponse(): ResponsePrincipal {
+  public toResponse(): ResponseUserGroup {
     return new ResponseUserGroup(this);
   }
 }

src/models/enums/DonationStatus.ts

@@ -0,0 +1,7 @@
+/**
+ * This enum contains all status a donation can inherit regarding it's payment status.
+ */
+export enum DonationStatus {
+    OPEN = 'OPEN',
+    PAID = 'PAID'
+}

src/models/enums/PermissionTargets.ts

@@ -3,7 +3,7 @@
  */
 export enum PermissionTarget {
     RUNNER = 'RUNNER',
-    ORGANISATION = 'ORGANISATION',
+    ORGANIZATION = 'ORGANIZATION',
     TEAM = 'TEAM',
     TRACK = 'TRACK',
     USER = 'USER',
@@ -15,5 +15,6 @@ export enum PermissionTarget {
     STATION = 'STATION',
     CARD = 'CARD',
     DONATION = 'DONATION',
-    CONTACT = 'CONTACT'
+    CONTACT = 'CONTACT',
+    MAIL = 'MAIL'
 }

src/models/enums/ResponseObjectType.ts

@@ -0,0 +1,39 @@
+/**
+ * This enum contains all object types/entities a response can contain.
+ */
+export enum ResponseObjectType {
+    AUTH = 'AUTH',
+    DISTANCEDONATION = 'DISTANCEDONATION',
+    DONATION = 'DONATION',
+    DONOR = 'DONOR',
+    EMPTY = 'EMPTY',
+    GROUPCONTACT = 'GROUPCONTACT',
+    LOGOUT = 'LOGOUT',
+    PARTICIPANT = 'PARTICIPANT',
+    PERMISSION = 'PERMISSION',
+    PRINCIPAL = 'PRINCIPAL',
+    RUNNER = 'RUNNER',
+    RUNNERCARD = 'RUNNERCARD',
+    RUNNERGROUP = 'RUNNERGROUP',
+    RUNNERORGANIZATION = 'RUNNERORGANIZATION',
+    RUNNERTEAM = 'RUNNERTEAM',
+    SCAN = 'SCAN',
+    SCANSTATION = 'SCANSTATION',
+    SELFSERVICEDONATION = 'SELFSERVICEDONATION',
+    SELFSERVICERUNNER = 'SELFSERVICRUNNER',
+    SELFSERVICESCAN = 'SELFSERVICESCAN',
+    SELFSERVICETRACKSCAN = 'SELFSERVICETRACKSCAN',
+    SELFSERVICETEAM = 'SELFSERVICETEAM',
+    SELFSERVICEORGANIZATION = 'SELFSERVICEORGANIZATION',
+    STATS = 'STATS',
+    STATSCLIENT = 'STATSCLIENT',
+    STATSORGANIZATION = 'STATSORGANIZATION',
+    STATSRUNNER = 'STATSRUNNER',
+    STATSTEAM = 'STATSTEAM',
+    TRACK = 'TRACK',
+    TRACKSCAN = 'TRACKSCAN',
+    USER = 'USER',
+    USERGROUP = 'USERGROUP',
+    USERPERMISSIONS = 'USERPERMISSIONS',
+    SELFSERVICEDONOR = 'SELFSERVICEDONOR'
+}

src/models/responses/IResponse.ts

@@ -0,0 +1,13 @@
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+
+/**
+ * Defines the repsonse interface.
+ * This forces all response classes to implement the interfaces properties.
+*/
+export interface IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType;
+}

src/models/responses/ResponseAnonymousDonation.ts

@@ -0,0 +1,58 @@
+import { IsInt, IsPositive } from "class-validator";
+import { Donation } from '../entities/Donation';
+import { DonationStatus } from '../enums/DonationStatus';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+
+/**
+ * Defines the donation response.
+*/
+export class ResponseAnonymousDonation implements IResponse {
+
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.DONATION;
+
+    /**
+    * The donation's payment status.
+    * Provides you with a quick indicator of it's payment status.
+    */
+    status: DonationStatus;
+
+    /**
+     * The donation's id.
+     */
+    @IsInt()
+    @IsPositive()
+    id: number;
+
+    /**
+     * The donation's amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    amount: number;
+
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    paidAmount: number;
+
+    /**
+     * Creates a ResponseDonation object from a scan.
+     * @param donation The donation the response shall be build for.
+     */
+    public constructor(donation: Donation) {
+        this.id = donation.id;
+        this.amount = donation.amount;
+        this.paidAmount = donation.paidAmount || 0;
+        if (this.paidAmount < this.amount) {
+            this.status = DonationStatus.OPEN;
+        }
+        else {
+            this.status = DonationStatus.PAID;
+        }
+    }
+}

src/models/responses/ResponseAuth.ts

@@ -1,9 +1,18 @@
 import { IsInt, IsString } from 'class-validator';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
 
 /**
  * Defines the repsonse auth.
 */
-export class ResponseAuth {
+export class ResponseAuth implements IResponse {
+
+  /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+  responseType: ResponseObjectType = ResponseObjectType.AUTH;
+
   /**
   * The access_token - JWT shortterm access token.
   */

src/models/responses/ResponseDistanceDonation.ts

@@ -1,12 +1,19 @@
 import { IsInt, IsObject, IsPositive } from 'class-validator';
 import { DistanceDonation } from '../entities/DistanceDonation';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
 import { ResponseDonation } from './ResponseDonation';
 import { ResponseRunner } from './ResponseRunner';
 
 /**
  * Defines the distance donation response.
 */
-export class ResponseDistanceDonation extends ResponseDonation {
+export class ResponseDistanceDonation extends ResponseDonation implements IResponse {
+    /**
+     * The responseType.
+     * This contains the type of class/entity this response contains.
+     */
+    responseType: ResponseObjectType = ResponseObjectType.DISTANCEDONATION;
 
     /**
      * The donation's associated runner.
@@ -29,7 +36,7 @@ export class ResponseDistanceDonation extends ResponseDonation {
      */
     public constructor(donation: DistanceDonation) {
         super(donation);
-        this.runner = donation.runner.toResponse();
+        if (donation.runner) { this.runner = donation.runner.toResponse(); }
         this.amountPerDistance = donation.amountPerDistance;
     }
 }

src/models/responses/ResponseDonation.ts

@@ -1,11 +1,27 @@
 import { IsInt, IsNotEmpty, IsPositive } from "class-validator";
 import { Donation } from '../entities/Donation';
+import { DonationStatus } from '../enums/DonationStatus';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
 import { ResponseDonor } from './ResponseDonor';
 
 /**
  * Defines the donation response.
 */
-export class ResponseDonation {
+export class ResponseDonation implements IResponse {
+
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.DONATION;
+
+    /**
+    * The donation's payment status.
+    * Provides you with a quick indicator of it's payment status.
+    */
+    status: DonationStatus;
+
     /**
      * The donation's id.
      */
@@ -25,13 +41,28 @@ export class ResponseDonation {
     @IsInt()
     amount: number;
 
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    paidAmount: number;
+
     /**
      * Creates a ResponseDonation object from a scan.
      * @param donation The donation the response shall be build for.
      */
     public constructor(donation: Donation) {
         this.id = donation.id;
-        this.donor = donation.donor.toResponse();
+        if (donation.donor) {
+            this.donor = donation.donor.toResponse();
+        }
         this.amount = donation.amount;
+        this.paidAmount = donation.paidAmount || 0;
+        if (this.paidAmount < this.amount) {
+            this.status = DonationStatus.OPEN;
+        }
+        else {
+            this.status = DonationStatus.PAID;
+        }
     }
 }

src/models/responses/ResponseDonor.ts

@@ -2,12 +2,20 @@ import {
     IsBoolean, IsInt
 } from "class-validator";
 import { Donor } from '../entities/Donor';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+import { ResponseDonation } from './ResponseDonation';
 import { ResponseParticipant } from './ResponseParticipant';
 
 /**
  * Defines the donor response.
 */
-export class ResponseDonor extends ResponseParticipant {
+export class ResponseDonor extends ResponseParticipant implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.DONOR;
 
     /**
      * Does this donor need a receipt?
@@ -21,6 +29,14 @@ export class ResponseDonor extends ResponseParticipant {
     @IsInt()
     donationAmount: number;
 
+    /**
+    * Returns the total paid donations of a donor based on his linked donations.
+    */
+    @IsInt()
+    paidDonationAmount: number;
+
+    donations: Array<ResponseDonation>;
+
     /**
      * Creates a ResponseRunner object from a runner.
      * @param runner The user the response shall be build for.
@@ -29,5 +45,12 @@ export class ResponseDonor extends ResponseParticipant {
         super(donor);
         this.receiptNeeded = donor.receiptNeeded;
         this.donationAmount = donor.donationAmount;
+        this.paidDonationAmount = donor.paidDonationAmount;
+        this.donations = new Array<ResponseDonation>();
+        if (donor.donations?.length > 0) {
+            for (const donation of donor.donations) {
+                this.donations.push(donation.toResponse())
+            }
+        }
     }
 }

src/models/responses/ResponseEmpty.ts

@@ -1,9 +1,17 @@
 import { IsString } from 'class-validator';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
 
 /**
  * Defines a empty response object.
 */
-export class ResponseEmpty {
+export class ResponseEmpty implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.EMPTY;
+
     @IsString()
     response: string = "nothing here"
 }

src/models/responses/ResponseGroupContact.ts

@@ -1,12 +1,20 @@
 import { IsInt, IsObject, IsString } from "class-validator";
 import { Address } from '../entities/Address';
 import { GroupContact } from '../entities/GroupContact';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
 import { ResponseRunnerGroup } from './ResponseRunnerGroup';
 
 /**
  * Defines the group contact response.
 */
-export class ResponseGroupContact {
+export class ResponseGroupContact implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.GROUPCONTACT;
+
     /**
      * The contact's id.
      */
@@ -69,8 +77,10 @@ export class ResponseGroupContact {
         this.email = contact.email;
         this.address = contact.address;
         this.groups = new Array<ResponseRunnerGroup>();
-        for (let group of contact.groups) {
-            this.groups.push(group.toResponse());
+        if (contact.groups) {
+            for (let group of contact.groups) {
+                this.groups.push(group.toResponse());
+            }
         }
     }
 }

src/models/responses/ResponseLogout.ts

@@ -1,9 +1,17 @@
 import { IsString } from 'class-validator';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
 
 /**
  * Defines the logout response.
 */
-export class Logout {
+export class Logout implements IResponse {
+  /**
+   * The responseType.
+   * This contains the type of class/entity this response contains.
+   */
+  responseType: ResponseObjectType = ResponseObjectType.LOGOUT;
+
   /**
   * The logout's timestamp.
   */

src/models/responses/ResponseParticipant.ts

@@ -1,11 +1,19 @@
 import { IsInt, IsObject, IsOptional, IsString } from "class-validator";
 import { Address } from '../entities/Address';
 import { Participant } from '../entities/Participant';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
 
 /**
  * Defines the participant response.
 */
-export abstract class ResponseParticipant {
+export abstract class ResponseParticipant implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.PARTICIPANT;
+
     /**
      * The participant's id.
      */
@@ -42,6 +50,12 @@ export abstract class ResponseParticipant {
     @IsString()
     email?: string;
 
+    /**
+     * how the participant got into the system
+     */
+    @IsString()
+    created_via?: string;
+
     /**
      * The participant's address.
      */
@@ -56,6 +70,7 @@ export abstract class ResponseParticipant {
     public constructor(participant: Participant) {
         this.id = participant.id;
         this.firstname = participant.firstname;
+        this.created_via = participant.created_via;
         this.middlename = participant.middlename;
         this.lastname = participant.lastname;
         this.phone = participant.phone;