chore(release): 1.8.0

close #210

.drone.yml

@@ -1,188 +0,0 @@
----
-kind: secret
-name: docker_username
-get:
-  path: odit-registry-builder
-  name: username
-
----
-kind: secret
-name: docker_password
-get:
-  path: odit-registry-builder
-  name: password
-
----
-kind: secret
-name: git_ssh
-get:
-  path: odit-git-bot
-  name: sshkey
-
----
-kind: pipeline
-type: kubernetes
-name: tests:node_latest
-clone:
-  disable: true
-steps:
-  - name: checkout pr
-    image: alpine/git
-    commands:
-      - git clone $DRONE_REMOTE_URL .
-      - git checkout $DRONE_SOURCE_BRANCH
-  - name: run tests
-    image: node:latest
-    commands:
-      - yarn
-      - yarn test:ci
-trigger:
-  event:
-    - pull_request
-
----
-kind: pipeline
-type: kubernetes
-name: build:dev
-clone:
-  disable: true
-
-steps:
-  - name: clone
-    image: alpine/git
-    commands:
-      - git clone $DRONE_REMOTE_URL .
-      - git checkout dev
-  - name: build dev
-    image: plugins/docker
-    depends_on: [clone]
-    settings:
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-      repo: registry.odit.services/lfk/backend
-      tags:
-        - dev
-      registry: registry.odit.services
-      mtu: 1000
-  - name: run changelog export
-    depends_on: ["clone"]
-    image: node:latest
-    commands:
-      - npx auto-changelog --commit-limit false -p -u --hide-credit
-  - name: push new changelog to repo
-    depends_on: ["run changelog export"]
-    image: appleboy/drone-git-push
-    settings:
-      branch: dev
-      commit: true
-      commit_message: 🧾New changelog file version [CI SKIP] [skip ci]
-      author_email: bot@odit.services
-      remote: git@git.odit.services:lfk/backend.git
-      ssh_key:
-        from_secret: git_ssh
-  - name: run full license export
-    depends_on: ["clone"]
-    image: node:14.15.1-alpine3.12
-    commands:
-      - yarn
-      - yarn licenses:export
-  - name: push new licenses file to repo
-    depends_on: ["run full license export"]
-    image: appleboy/drone-git-push
-    settings:
-      branch: dev
-      commit: true
-      commit_message: 📖New license file version [CI SKIP] [skip ci]
-      author_email: bot@odit.services
-      remote: git@git.odit.services:lfk/backend.git
-      skip_verify: true
-      ssh_key:
-        from_secret: git_ssh
-
-
-trigger:
-  branch:
-    - dev
-  event:
-    - push
-
----
-kind: pipeline
-type: kubernetes
-name: build:latest
-clone:
-  disable: true
-
-steps:
-  - name: clone
-    image: alpine/git
-    commands:
-      - git clone $DRONE_REMOTE_URL .
-      - git checkout dev
-      - git merge main
-      - git checkout main
-  - name: build latest
-    depends_on: ["clone"]
-    image: plugins/docker
-    settings:
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-      repo: registry.odit.services/lfk/backend
-      tags:
-        - latest
-      registry: registry.odit.services
-      mtu: 1000
-  - name: push merge to repo
-    depends_on: ["clone"]
-    image: appleboy/drone-git-push
-    settings:
-      branch: dev
-      commit: false
-      remote: git@git.odit.services:lfk/backend.git
-      ssh_key:
-        from_secret: git_ssh
-
-trigger:
-  branch:
-    - main
-  event:
-    - push
-
----
-kind: pipeline
-type: kubernetes
-name: build:tags
-
-steps:
-  - name: build $DRONE_TAG
-    image: plugins/docker
-    depends_on: [clone]
-    settings:
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-      repo: registry.odit.services/lfk/backend
-      tags:
-        - '${DRONE_TAG}'
-      registry: registry.odit.services
-      mtu: 1000
-  - name: trigger node lib build
-    image: idcooldi/drone-webhook
-    settings:
-      urls: https://ci.odit.services/api/repos/lfk/lfk-client-node/builds?SOURCE_TAG=${DRONE_TAG}
-      bearer:
-        from_secret: BOT_DRONE_KEY
-  - name: trigger js lib build
-    image: idcooldi/drone-webhook
-    settings:
-      urls: https://ci.odit.services/api/repos/lfk/lfk-client-js/builds?SOURCE_TAG=${DRONE_TAG}
-      bearer:
-        from_secret: BOT_DRONE_KEY
-trigger:
-  event:
-  - tag

.env.example

@@ -7,4 +7,8 @@ DB_PASSWORD=bla
 DB_NAME=./test.sqlite
 NODE_ENV=production
 POSTALCODE_COUNTRYCODE=DE
-SEED_TEST_DATA=false
+SEED_TEST_DATA=false
+SELFSERVICE_URL=bla
+STATION_TOKEN_SECRET=<replace-with-random-secret-min-32-chars>
+NATS_URL=nats://localhost:4222
+NATS_PREWARM=false

.gitea/workflows/release.yml

@@ -0,0 +1,30 @@
+name: Build release images
+on:
+  push:
+    tags:
+      - "*.*.*"
+
+jobs:
+  build-container:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - run: bun install --frozen-lockfile
+      - run: bun licenses:export
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.odit.services
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: |
+            ${{ vars.REGISTRY }}/lfk/backend:${{ github.ref_name }}
+          platforms: linux/amd64,linux/arm64

.gitignore

@@ -126,8 +126,12 @@ dist
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
+
+# Old package manager lockfiles (Bun migration - keep bun.lock)
 yarn.lock
 package-lock.json
+pnpm-lock.yaml
+
 build
 
 *.sqlite
@@ -135,4 +139,4 @@ build
 /docs
 lib
 /oss-attribution
-*.tmp
+*.tmp

.vscode/settings.json

@@ -9,8 +9,7 @@
     "[typescript]": {
         "editor.defaultFormatter": "vscode.typescript-language-features",
         "editor.codeActionsOnSave": {
-            "source.organizeImports": true,
-            // "source.fixAll": true
+            "source.organizeImports": "explicit"
         }
     },
     "javascript.preferences.quoteStyle": "single",

AGENTS.md

@@ -0,0 +1,282 @@
+# AGENTS.md — LfK Backend
+
+Guidance for agentic coding agents working in this repository.
+
+---
+
+## Project Overview
+
+Express + [`routing-controllers`](https://github.com/typestack/routing-controllers) REST API written in TypeScript. Uses TypeORM for database access (SQLite in dev/test, PostgreSQL or MySQL in production). OpenAPI docs are auto-generated from decorators at startup.
+
+**Runtime & Package Manager**: Bun (replaces Node.js + npm/pnpm).
+
+---
+
+## Build / Run / Test Commands
+
+### Development
+
+```sh
+bun run dev           # Start dev server with auto-reload (uses Bun's --watch)
+```
+
+**Auto-reload**: The `dev` script uses Bun's built-in `--watch` flag, which automatically restarts the server when TypeScript files in `src/` change. Bun runs TypeScript directly - no build step needed.
+
+**Performance**: Bun delivers 8-15% better latency under concurrent load compared to Node.js. See `BUN_BENCHMARK_RESULTS.md` for details.
+
+### Build
+
+```sh
+bun run build         # rimraf dist && tsc && copy static assets → dist/
+```
+
+**Note**: The build script exists for legacy compatibility and type-checking, but is **not required** for development or production. Bun runs TypeScript source files directly.
+
+### Production
+
+```sh
+bun start             # bun src/app.ts (runs TypeScript directly)
+```
+
+### Tests
+
+Tests are **integration tests** that hit a live running server via HTTP. The server must be started before Jest is invoked.
+
+```sh
+# Full CI test flow (generates .env, starts server, runs jest):
+bun run test:ci
+
+# Run Jest directly (server must already be running):
+bun test
+
+# Watch mode:
+bun run test:watch
+
+# Run a single test file:
+bunx jest src/tests/runners/runner_add.spec.ts
+
+# Run tests matching a name pattern:
+bunx jest --testNamePattern="POST /api/runners"
+
+# Run all tests in a subdirectory:
+bunx jest src/tests/runners/
+```
+
+# Run all tests in a subdirectory:
+bunx jest src/tests/runners/
+```
+
+> **Important:** `bun test` alone will fail unless the dev server is already running on `http://localhost:<config.internal_port>`. In CI, `start-server-and-test` handles this automatically via `bun run test:ci`.
+
+### Other Utilities
+
+```sh
+bun run seed                 # Sync DB schema and run seeders
+bun run openapi:export       # Export OpenAPI spec to file
+bun run docs                 # Generate TypeDoc documentation
+bun run licenses:export      # Export third-party license report
+```
+
+---
+
+## TypeScript Configuration
+
+- **Target:** ES2020, **Module:** CommonJS
+- **`strict: false`** — TypeScript strictness is disabled; types are used but not exhaustively enforced
+- **`experimentalDecorators: true`** and **`emitDecoratorMetadata: true`** — required by `routing-controllers`, `TypeORM`, and `class-validator`
+- Spec files (`**/*.spec.ts`) are excluded from compilation
+- Source root: `src/`, output: `dist/`
+
+---
+
+## Code Style Guidelines
+
+### No Linter / Formatter Configured
+
+There is no ESLint or Prettier configuration. Follow the patterns already established in the codebase rather than introducing new tooling.
+
+### Imports
+
+- Use named imports for decorator packages: `import { Get, JsonController, Param } from 'routing-controllers'`
+- Use named imports for TypeORM: `import { Column, Entity, getConnectionManager } from 'typeorm'`
+- Use named imports for class-validator: `import { IsInt, IsOptional, IsString } from 'class-validator'`
+- Use `import * as X from 'module'` for modules without clean default exports (e.g., `import * as jwt from 'jsonwebtoken'`)
+- Use default imports for simple modules (e.g., `import cookie from 'cookie'`)
+- `reflect-metadata` is imported once at the top of `src/app.ts` — do not re-import it
+- No barrel/index re-export files; import source files directly by path
+
+### Naming Conventions
+
+| Construct | Convention | Example |
+|---|---|---|
+| Classes | `PascalCase` | `RunnerController`, `CreateRunner` |
+| Files | `PascalCase.ts` matching class name | `RunnerController.ts` |
+| Local variables | `camelCase` (some `snake_case` in tests) | `accessToken`, `access_token` |
+| DB entity fields | `snake_case` preferred | `created_at`, `updated_at` |
+| Controller methods | REST-conventional | `getAll`, `getOne`, `post`, `put`, `remove` |
+| Custom errors | `{Entity}{Issue}Error` | `RunnerNotFoundError`, `RunnerIdsNotMatchingError` |
+| Response DTOs | `Response{Entity}` | `ResponseRunner`, `ResponseAuth` |
+| Create DTOs | `Create{Entity}` | `CreateRunner` |
+| Update DTOs | `Update{Entity}` | `UpdateRunner` |
+| Enums | `PascalCase` | `ResponseObjectType`, `PermissionAction` |
+
+### Formatting
+
+- 4-space indentation (observed throughout the codebase)
+- Single quotes for string literals in most files
+- No trailing semicolons style inconsistency — follow what's already in the file you're editing
+
+### Types
+
+- Add TypeScript types to all function parameters and return values
+- Use `class-validator` decorators (`@IsString`, `@IsInt`, `@IsOptional`, `@IsUUID`, etc.) on every DTO and response class field — these drive both runtime validation and OpenAPI schema generation
+- Use abstract classes for shared entity base types (e.g., `abstract class Participant`)
+- Use interfaces for response contracts (e.g., `interface IResponse`)
+- Use enums for typed string/number constants
+- Avoid `any` where possible; when unavoidable, keep it localised
+- `strict` is off — but still annotate types explicitly rather than relying on inference
+
+### Controller Pattern
+
+```typescript
+import { Authorized, Body, Delete, Get, JsonController, Param, Post, Put } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+
+@JsonController('/runners')
+@Authorized()
+export class RunnerController {
+    @Get('/')
+    @OpenAPI({ description: 'Returns all runners' })
+    @ResponseSchema(ResponseRunner, { isArray: true })
+    async getAll() { ... }
+
+    @Get('/:id')
+    @ResponseSchema(ResponseRunner)
+    async getOne(@Param('id') id: number) { ... }
+
+    @Post('/')
+    @ResponseSchema(ResponseRunner)
+    async post(@Body({ validate: true }) createRunner: CreateRunner) { ... }
+
+    @Put('/:id')
+    @ResponseSchema(ResponseRunner)
+    async put(@Param('id') id: number, @Body({ validate: true }) updateRunner: UpdateRunner) { ... }
+
+    @Delete('/:id')
+    @ResponseSchema(ResponseRunner)
+    async remove(@Param('id') id: number) { ... }
+}
+```
+
+### Error Handling
+
+- Define custom error classes in `src/errors/` extending `routing-controllers` error types (`NotFoundError`, `NotAcceptableError`, etc.)
+- Every custom error class must include `@IsString()` decorated `name` and `message` fields for OpenAPI schema generation
+- Throw custom errors directly in controllers: `throw new RunnerNotFoundError()`
+- Use try/catch in controllers and re-throw meaningful errors; do not swallow errors silently
+- The global `ErrorHandler` middleware (registered in `src/middlewares/`) catches all unhandled errors and serialises them as JSON — do not duplicate this logic in controllers
+- Auth errors are thrown from `src/middlewares/authchecker.ts`, not from individual controllers
+
+### Entity Pattern (TypeORM)
+
+- Entities live in `src/models/entities/`
+- Decorate every entity with `@Entity()` and every column with the appropriate `@Column`, `@PrimaryGeneratedColumn`, etc.
+- Use `@CreateDateColumn()` / `@UpdateDateColumn()` for timestamp fields
+- Use table inheritance (`@TableInheritance` + `@ChildEntity`) for polymorphic entities
+- Access repositories via `getConnectionManager().get().getRepository(EntityClass)` — do not inject repositories as constructor dependencies
+- Database schema is synchronised automatically on startup (`connection.synchronize()`) — no manual migration files
+
+### DTO Pattern (Create / Update)
+
+- Create DTOs in `src/models/actions/create/` and `src/models/actions/update/`
+- Use `class-validator` decorators for every field
+- `@IsOptional()` for fields that are not required on update; all fields on create DTOs should be mandatory unless explicitly optional in the API contract
+- Response DTOs live in `src/models/responses/` and follow the `Response{Entity}` naming pattern
+
+---
+
+## Test Style Guidelines
+
+> **IMPORTANT: Do not run existing tests and do not create new tests.** The existing test suite in `src/tests/` is outdated and no longer reflects the current state of the codebase. Ignore all test files when working in this repository. Do not write new tests for any changes or additions.
+
+All tests are integration tests in `src/tests/` organised by domain entity:
+
+```
+src/tests/
+  auth/
+    auth_login.spec.ts
+    auth_refresh.spec.ts
+  runners/
+    runner_add.spec.ts
+    runner_get.spec.ts
+    runner_update.spec.ts
+    runner_delete.spec.ts
+  ...
+```
+
+### Test File Template
+
+```typescript
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port;
+
+let access_token: string;
+let axios_config: object;
+
+beforeAll(async () => {
+    jest.setTimeout(20000);
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined   // prevents axios from throwing on non-2xx responses
+    };
+});
+
+describe('POST /api/runners working', () => {
+    it('creating a runner with required params should return 200', async () => {
+        const res = await axios.post(base + '/api/runners', { ... }, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json");
+    });
+});
+
+describe('POST /api/runners failing', () => {
+    it('creating a runner without required params should return 400', async () => {
+        const res = await axios.post(base + '/api/runners', {}, axios_config);
+        expect(res.status).toEqual(400);
+    });
+});
+```
+
+- Always set `validateStatus: undefined` in `axios_config` to prevent axios throwing on error responses
+- Group tests by HTTP verb + route in `describe()` blocks; separate "working" and "failing" cases
+- Use `jest.setTimeout(20000)` in `beforeAll` for slow integration tests
+- Assert both `res.status` and `res.headers['content-type']` on success paths
+
+---
+
+## Environment Configuration
+
+- Copy `.env.example` to `.env` and fill in values before running locally
+- Database type is set via `DB_TYPE` env var (`sqlite`, `postgres`, or `mysql`)
+- Server port is set via `INTERNAL_PORT` (accessed as `config.internal_port` in code)
+- All config values are validated at startup in `src/config.ts`
+- CI env is generated by `bun run test:ci:generate_env` (`scripts/create_testenv.ts`)
+
+### NATS Configuration
+
+The backend uses **NATS JetStream** as a KV cache for scan intake performance optimization.
+
+- `NATS_URL` — connection URL for NATS server (default: `nats://localhost:4222`)
+- `NATS_PREWARM` — if `true`, preloads all runner state into the KV cache at startup to eliminate DB reads from the first scan onward (default: `false`)
+
+**KV buckets** (auto-created by `NatsClient` at startup):
+- `station_state` — station token cache (1-hour TTL)
+- `card_state` — card→runner mapping cache (1-hour TTL)
+- `runner_state` — runner display name, total distance, latest scan timestamp (no TTL, CAS-based updates)
+
+**Development**: NATS runs in Docker via `docker-compose.yml` (port 4222). The JetStream volume is persisted to `./nats-data/` to survive container restarts.
+
+**Station intake hot path**: `POST /api/scans/trackscans` from scan stations uses a KV-first flow that eliminates DB reads on cache hits and prevents race conditions via compare-and-swap (CAS) updates. See `SCAN_NATS_PLAN.md` for full architecture details.

CHANGELOG.md

@@ -2,8 +2,644 @@
 
 All notable changes to this project will be documented in this file. Dates are displayed in UTC.
 
-#### [v0.7.1](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.7.1)
+#### [1.8.0](https://git.odit.services/lfk/backend/compare/1.7.2...1.8.0)
 
+- refactor: Switch from official argon2 to Bun's implementation [`a1e697a`](https://git.odit.services/lfk/backend/commit/a1e697acb264a753534c5ff8f5f43357cbc287da)
+- refactor: Replace uuid and dotenv with bun primitives [`abce517`](https://git.odit.services/lfk/backend/commit/abce517d86daa00d76d691081907cb832494cb91)
+- refactor(deps): Remove unused glob dependency from package.json and bun.lock [`abdadb8`](https://git.odit.services/lfk/backend/commit/abdadb8e6419c5ec9f8cc0a9e5ebf68671d84a94)
+
+#### [1.7.2](https://git.odit.services/lfk/backend/compare/1.7.1...1.7.2)
+
+> 20 February 2026
+
+- fix(dev): We did it funky bun dev workarounds are no more [`3bb8b20`](https://git.odit.services/lfk/backend/commit/3bb8b202b00f8b7c52c700373ed09a92714528be)
+- docs: Added agents file to support ai assisted coding [`cbf1da3`](https://git.odit.services/lfk/backend/commit/cbf1da31c9f02a810d8c85caae60ab9483f826c2)
+- refactor(dev): Yeet the funky dev script out of this codebase [`fd18e56`](https://git.odit.services/lfk/backend/commit/fd18e562518f5b3437f11ceb68e69e50f042891e)
+- chore(release): 1.7.2 [`c9b8614`](https://git.odit.services/lfk/backend/commit/c9b8614f53619ec76ccf76875c138c986699c746)
+
+#### [1.7.1](https://git.odit.services/lfk/backend/compare/1.7.0...1.7.1)
+
+> 20 February 2026
+
+- fix(ci): Switch to bun in ci [`fe90414`](https://git.odit.services/lfk/backend/commit/fe90414dd910baff8107197408575b6af0cc4cbf)
+- perf(db): Added indexes [`21ceb9f`](https://git.odit.services/lfk/backend/commit/21ceb9fa265df2f2193a6c4fb58080ead9c72bf8)
+- chore(release): 1.7.1 [`d1c4744`](https://git.odit.services/lfk/backend/commit/d1c47442314508a95bfa66b83740c957b75f152a)
+
+#### [1.7.0](https://git.odit.services/lfk/backend/compare/1.6.0...1.7.0)
+
+> 20 February 2026
+
+- refactor: Bun by default [`240bd9c`](https://git.odit.services/lfk/backend/commit/240bd9cba10636bfc100ea2732508d805639f105)
+- chore(release): 1.7.0 [`5081819`](https://git.odit.services/lfk/backend/commit/5081819281eacd6beb8d4876f0a9df71c901e84e)
+
+#### [1.6.0](https://git.odit.services/lfk/backend/compare/1.5.2...1.6.0)
+
+> 20 February 2026
+
+- feat(data): Added nats jetstream dependency [`bbf6ea6`](https://git.odit.services/lfk/backend/commit/bbf6ea6c0fdffa11dacdf4b9afb6160ce54e197d)
+- chore(deps): Bump typescript and get rid of now legacy imports [`2da8247`](https://git.odit.services/lfk/backend/commit/2da8247978c5142eec194651a7520fa53396d762)
+- chore(release): 1.6.0 [`53fb038`](https://git.odit.services/lfk/backend/commit/53fb0389cd1da2b71b82102e82fc3d30f0be3820)
+- feat(nats): Implement caching for card, runner, and station entries with improved key management [`b0c6759`](https://git.odit.services/lfk/backend/commit/b0c67598132deffce697f19c83bd4826420abe76)
+- feat(auth): Implement caching for scanauth [`526738e`](https://git.odit.services/lfk/backend/commit/526738e48722fffe4493102fad69f65b40fc3b49)
+- refactor(scan): Implement KV-backed scan station submissions and response model [`d3e0206`](https://git.odit.services/lfk/backend/commit/d3e0206a3ccbff0e69024426bb2bf266cde30eeb)
+- fix(types): Add custom Express request types for station authentication [`778f159`](https://git.odit.services/lfk/backend/commit/778f15940594d5c2e423ef001eddd2d505ebd5f5)
+- perf(nats): Implement bulk cache prewarming for runners to optimize startup performance [`024e647`](https://git.odit.services/lfk/backend/commit/024e64729594237773f3819646bdbc806ee985bc)
+- feat(auth): Switch scanstation auth from argon2 to sha256 to improve performance [`3584b3f`](https://git.odit.services/lfk/backend/commit/3584b3facf7641f18db6eafe7035f17de8c5086c)
+- perf(nats): Implement bulk cache prewarming for runners to optimize startup performance [`d230350`](https://git.odit.services/lfk/backend/commit/d230350027dea4dcdad9feddd9408a866ed787df)
+
+#### [1.5.2](https://git.odit.services/lfk/backend/compare/1.5.1...1.5.2)
+
+> 26 May 2025
+
+- feat(mailer): Add logging for selfservice forgotten mail requests [`eebcc2e`](https://git.odit.services/lfk/backend/commit/eebcc2e3284230135e3911b4edaecd1a9cfd2100)
+- chore(release): 1.5.2 [`e27e819`](https://git.odit.services/lfk/backend/commit/e27e8196097da19e24af22368ca8be5a8d9ef6b9)
+- feat(mailer): Log error message when sending selfservice forgotten mail fails [`0f532b1`](https://git.odit.services/lfk/backend/commit/0f532b139c2bc5cd89ca2dbff0867825a9363250)
+
+#### [1.5.1](https://git.odit.services/lfk/backend/compare/1.5.0...1.5.1)
+
+> 26 May 2025
+
+- chore(release): 1.5.1 [`284954d`](https://git.odit.services/lfk/backend/commit/284954d064f09951c13584e9d50a83be2c4b9f72)
+- feat(mailer): Log error when sending selfservice forgotten mail fails [`401ca92`](https://git.odit.services/lfk/backend/commit/401ca923a61bc5988e73209c086bc9a5a4fa04f9)
+
+#### [1.5.0](https://git.odit.services/lfk/backend/compare/1.4.3...1.5.0)
+
+> 6 May 2025
+
+- feat(entities): Added created/updated at to all entities [`728f8a1`](https://git.odit.services/lfk/backend/commit/728f8a14e9fb7360fce92640bfa5658af8cadb4f)
+- feat(responses): Added created_at/updated_at [`f225cc4`](https://git.odit.services/lfk/backend/commit/f225cc49548605de48cf6c6e6f7c86b163236545)
+- feat(participants): Added created/updated at [`a448058`](https://git.odit.services/lfk/backend/commit/a4480589a0e23a4481332ab5efa0777c62bbab56)
+- chore(release): 1.5.0 [`bf1f641`](https://git.odit.services/lfk/backend/commit/bf1f6411e0f5113842a537f5bcf632638bdf1048)
+
+#### [1.4.3](https://git.odit.services/lfk/backend/compare/1.4.2...1.4.3)
+
+> 1 May 2025
+
+- feat(runners): Include collected distance donation amount in runner detail [`4494afc`](https://git.odit.services/lfk/backend/commit/4494afc64b433d26b54a293fe156d13c40faad95)
+- chore(release): 1.4.3 [`0ad9eeb`](https://git.odit.services/lfk/backend/commit/0ad9eeb52f18af3ea7d86fe1bf15edb04f4cfd2d)
+
+#### [1.4.2](https://git.odit.services/lfk/backend/compare/1.4.1...1.4.2)
+
+> 1 May 2025
+
+- fix(donations): Fixed creation bug [`07a0195`](https://git.odit.services/lfk/backend/commit/07a0195f125519f239d255a0cc081ddbde8f1da3)
+- chore(release): 1.4.2 [`f4747c5`](https://git.odit.services/lfk/backend/commit/f4747c51de71d9b28cca1b00a91de3cfd6f0f56e)
+
+#### [1.4.1](https://git.odit.services/lfk/backend/compare/1.4.0...1.4.1)
+
+> 28 April 2025
+
+- chore(release): 1.4.1 [`7ac9822`](https://git.odit.services/lfk/backend/commit/7ac98229d17e7cb019d5dcc5402870490a97f910)
+- refactor(auth): Increased token timeouts to 24hrs/7days [`dd5b538`](https://git.odit.services/lfk/backend/commit/dd5b538783f9c806f0c883cd391754fb5c842ec8)
+
+#### [1.4.0](https://git.odit.services/lfk/backend/compare/1.3.12...1.4.0)
+
+> 28 April 2025
+
+- feat(donations): Implement response type to indicate possible missing donor [`f4bf309`](https://git.odit.services/lfk/backend/commit/f4bf309821c140f2bc0ae8b6d96c7458fcc80978)
+- wip [`9875b4f`](https://git.odit.services/lfk/backend/commit/9875b4f3926e04b502e7af64c17f54fd3c1d8e3e)
+- refactor(donations): Make anon prepaid [`02b1cb9`](https://git.odit.services/lfk/backend/commit/02b1cb9904cc593faeac025ae302a8684f650f5e)
+- chore(release): 1.4.0 [`8e6d674`](https://git.odit.services/lfk/backend/commit/8e6d67428c85b6ee504a379ff13a3a951f7b9543)
+- fix(donations): Move donor over to the types that need it [`7697acf`](https://git.odit.services/lfk/backend/commit/7697acff82b23d0c05dbbd17fee6e70eb1b7061c)
+
+#### [1.3.12](https://git.odit.services/lfk/backend/compare/1.3.11...1.3.12)
+
+> 28 April 2025
+
+- chore(release): 1.3.12 [`bacfc43`](https://git.odit.services/lfk/backend/commit/bacfc437f97cac6a20c32b79ae2d6391466f78a6)
+- refactor: make Donation.donor optional [`2ab6e98`](https://git.odit.services/lfk/backend/commit/2ab6e985e356f0f3d8637d81630d191cc11b8806)
+- refactor(config): improve consola error logs [`ce9b765`](https://git.odit.services/lfk/backend/commit/ce9b765b81b014623e79ce64d8d835f1f86cecf3)
+
+#### [1.3.11](https://git.odit.services/lfk/backend/compare/1.3.10...1.3.11)
+
+> 17 April 2025
+
+- feat(RunnerController): add selfservice_links parameter to getRunners method [`a50d72f`](https://git.odit.services/lfk/backend/commit/a50d72f2f5281b8c28ca64a0970161a35a7af95a)
+- chore(release): 1.3.11 [`d06f6a4`](https://git.odit.services/lfk/backend/commit/d06f6a44072971d1853411b255f9b49eb423b3a2)
+
+#### [1.3.10](https://git.odit.services/lfk/backend/compare/1.3.9...1.3.10)
+
+> 11 April 2025
+
+- chore(release): 1.3.10 [`4723d97`](https://git.odit.services/lfk/backend/commit/4723d9738eacd63fb41f23c628fbe4181bd126de)
+- feat(RunnerController.getAll): debug created_via query param filter [`1a478bd`](https://git.odit.services/lfk/backend/commit/1a478bd784e01b9d5a1c6635d1004a9535c9a0e9)
+
+#### [1.3.9](https://git.odit.services/lfk/backend/compare/1.3.8...1.3.9)
+
+> 9 April 2025
+
+- feat(RunnerController.getAll): add created_via query param filter [`6e63c57`](https://git.odit.services/lfk/backend/commit/6e63c57936f06a29da5f1a94b1141d51b75df5f0)
+- chore(release): 1.3.9 [`284cb0f`](https://git.odit.services/lfk/backend/commit/284cb0f8b3955d0d65c2b36d2ec427a39752ffe7)
+
+#### [1.3.8](https://git.odit.services/lfk/backend/compare/1.3.7...1.3.8)
+
+> 9 April 2025
+
+- feat(RunnerCardController): putByCode [`8237d5f`](https://git.odit.services/lfk/backend/commit/8237d5f21067c0872a7eff7c8d1506edf44ec10c)
+- chore(release): 1.3.8 [`30b61db`](https://git.odit.services/lfk/backend/commit/30b61db2c160c019bac381f26cefdc6524ea465e)
+
+#### [1.3.7](https://git.odit.services/lfk/backend/compare/1.3.6...1.3.7)
+
+> 8 April 2025
+
+- feat(stats): Publish runners by kiosk stat [`a6afba9`](https://git.odit.services/lfk/backend/commit/a6afba93e243ca419c282a16cad023d06d864e0e)
+- chore(release): 1.3.7 [`03e0a29`](https://git.odit.services/lfk/backend/commit/03e0a290965648579956ac1f8e8542c97a667ed8)
+
+#### [1.3.6](https://git.odit.services/lfk/backend/compare/1.3.5...1.3.6)
+
+> 8 April 2025
+
+- chore(release): 1.3.6 [`a41758c`](https://git.odit.services/lfk/backend/commit/a41758cd9c83105c3a4b407744bafe2f0f6fb48a)
+- feat(runners): Allow created via being set via api [`d6755ed`](https://git.odit.services/lfk/backend/commit/d6755ed134071df635bc9d5821ceb2396c0f1d22)
+- fix(participant): Switch to correct type [`599c75f`](https://git.odit.services/lfk/backend/commit/599c75fc00217eaec3cc87c0de50d059bdde685f)
+
+#### [1.3.5](https://git.odit.services/lfk/backend/compare/1.3.4...1.3.5)
+
+> 8 April 2025
+
+- feat(runners): Generate selfservice urls on runner if requested or create/update/get single [`5415cd3`](https://git.odit.services/lfk/backend/commit/5415cd38a727e76632a01a4d2634a1777df5542c)
+- chore(release): 1.3.5 [`bb213f0`](https://git.odit.services/lfk/backend/commit/bb213f001eff2157abf8741128f624f9cc991afe)
+
+#### [1.3.4](https://git.odit.services/lfk/backend/compare/1.3.3...1.3.4)
+
+> 28 March 2025
+
+- feat: add runnersViaSelfservice to statsControllerGet [`5c5000a`](https://git.odit.services/lfk/backend/commit/5c5000a218b47815e6846ac8b857dcd1995bfa6f)
+- chore(release): 1.3.4 [`175ba52`](https://git.odit.services/lfk/backend/commit/175ba52ffae8e6ba1fdc1603ac2f5eba15602046)
+
+#### [1.3.3](https://git.odit.services/lfk/backend/compare/v1.3.2...1.3.3)
+
+> 28 March 2025
+
+- chore(release): 1.3.3 [`d559d04`](https://git.odit.services/lfk/backend/commit/d559d0403191c703fd6da0e3f3dab53eec9258c0)
+- ci: remove "v" prefix from tags [`2af682d`](https://git.odit.services/lfk/backend/commit/2af682d1dd09df496eb9f3a9111c50c0c4117356)
+
+#### [v1.3.2](https://git.odit.services/lfk/backend/compare/v1.3.1...v1.3.2)
+
+> 28 March 2025
+
+- chore(release): v1.3.2 [`30905e4`](https://git.odit.services/lfk/backend/commit/30905e481c69cfe62b4261544b4277de3a1a43c2)
+- ci: pnpm@10.7 [`752d405`](https://git.odit.services/lfk/backend/commit/752d405bda9129f3cd288a956d5444cab316c2af)
+
+#### [v1.3.1](https://git.odit.services/lfk/backend/compare/1.3.0...v1.3.1)
+
+> 28 March 2025
+
+- fix: TypeError: Cannot read properties of undefined (reading 'filter') - when trying to delete a org/team with runners [`#210`](https://git.odit.services/lfk/backend/issues/210)
+- pnpm@10.7, node@23, argon->@node-rs/argon2 [`78dcad0`](https://git.odit.services/lfk/backend/commit/78dcad085794c93829499dd550a786c38d6186f5)
+- chore(release): v1.3.1 [`8fa4ed7`](https://git.odit.services/lfk/backend/commit/8fa4ed7c3319c3e56a71701ba266ceda64d2ef69)
+
+#### [1.3.0](https://git.odit.services/lfk/backend/compare/1.2.1...1.3.0)
+
+> 28 March 2025
+
+- feat: created_via for tracking how runners got into the system [`#212`](https://git.odit.services/lfk/backend/pull/212)
+- feat: created_via for tracking how runners got into the system (#212) [`#211`](https://git.odit.services/lfk/backend/issues/211)
+- ci: move to gitea workflows [`ebde8c6`](https://git.odit.services/lfk/backend/commit/ebde8c6ffd8b17c6752da8c4d8eb3095105f6132)
+- chore(release): v1.3.0 [`93e0cdf`](https://git.odit.services/lfk/backend/commit/93e0cdf577654898b2d63790d91598c458a2db59)
+- build: docker "AS" casing [`0a43f1b`](https://git.odit.services/lfk/backend/commit/0a43f1bb5b26d3acb0d4d91648473f0dc55e8637)
+- ci: change release commit message [`6efcd94`](https://git.odit.services/lfk/backend/commit/6efcd94726957b8c527820f1a9b0130151ce22f1)
+- refactor(RunnerController.remove): only load necessary relations [`8c6fdb2`](https://git.odit.services/lfk/backend/commit/8c6fdb22390218e385780fadb3bdaf32148ac054)
+- refactor(RunnerTeamController.remove): only load necessary relations [`c0d5af5`](https://git.odit.services/lfk/backend/commit/c0d5af5d7ab44cfdf19014e0d774fb560d08f6d7)
+- fix: add .created_via to ResponseParticipant constructor [`2e271bc`](https://git.odit.services/lfk/backend/commit/2e271bcd52f02ab7449cd15916b0afc86e8b0a90)
+
+#### [1.2.1](https://git.odit.services/lfk/backend/compare/1.2.0...1.2.1)
+
+> 11 December 2024
+
+- refactor: allow selfservice link every 30s [`07bf28b`](https://git.odit.services/lfk/backend/commit/07bf28b14458849930748ce041fb65e572759482)
+- chore(release): 1.2.1 [`4008a5e`](https://git.odit.services/lfk/backend/commit/4008a5ee720b212bac9cba64417058bf4526060b)
+
+#### [1.2.0](https://git.odit.services/lfk/backend/compare/v1.1.4...1.2.0)
+
+> 11 December 2024
+
+- refactor: move to new mailer [`0f4c8b2`](https://git.odit.services/lfk/backend/commit/0f4c8b2051cae17fbdd7e02017ad5b41c61e210c)
+- refactor(ci): Switch to new woodpecker [`b3a73b2`](https://git.odit.services/lfk/backend/commit/b3a73b25e80a0466ff83e43481271fc0cd499a0d)
+- feat: middlename [`6eff243`](https://git.odit.services/lfk/backend/commit/6eff2438035b368eb45931fad9402a6cb942b350)
+- SELFSERVICE_URL [`765ef84`](https://git.odit.services/lfk/backend/commit/765ef849035ca4f8b2253bb76d15be8e9a3e6763)
+- FRONTEND_URL env [`296ba8d`](https://git.odit.services/lfk/backend/commit/296ba8ddab1dba46f8201829d9a7e5fc1c88c0f8)
+- chore: update readme [`d842c14`](https://git.odit.services/lfk/backend/commit/d842c14240fb4a7f70c66143bbe877f8168ef6d4)
+- chore(release): 1.2.0 [`6764bf8`](https://git.odit.services/lfk/backend/commit/6764bf80eac832d186e688319d8a959543a1495f)
+- Merge pull request 'refactor: move to new mailer' (#209) from refactor/new-mailer into dev [`bda1f97`](https://git.odit.services/lfk/backend/commit/bda1f971d1a14ea403439533c7ae31280c7df167)
+
+#### [v1.1.4](https://git.odit.services/lfk/backend/compare/v1.1.3...v1.1.4)
+
+> 20 November 2024
+
+- build: package lock [`50dd703`](https://git.odit.services/lfk/backend/commit/50dd703a1bd276a607cc10a087c7e90fd880847a)
+- fix(deps): Bump sqlite3 [`cd3cd81`](https://git.odit.services/lfk/backend/commit/cd3cd81360777e8bc4d78e861354e58c8da79cc7)
+- feat(ci)!: Switch to woodpecker [`3192365`](https://git.odit.services/lfk/backend/commit/3192365793fae59f2b89e3231db298654f0a28e9)
+- fix(deps): Bumped argon2 to latest version for arm support [`cf48c00`](https://git.odit.services/lfk/backend/commit/cf48c00ddb2ac33263549876928db50ae152c12d)
+- fix: updated README for pnpm, typos [`5082b1b`](https://git.odit.services/lfk/backend/commit/5082b1b8b1c0ae9e8ffa9c71c4d7923fd9223c87)
+- 🚀Bumped version to v1.1.4 [`a54cb28`](https://git.odit.services/lfk/backend/commit/a54cb287a4323ac8de77f51711cc6c52ec290859)
+- ci: drop lfk-client-node [`075d484`](https://git.odit.services/lfk/backend/commit/075d484f1169bfc5c5b68cb9712116b0e270b471)
+- fix(dependencies): Switch back to previous class-validator version to produce a working build [`74d334f`](https://git.odit.services/lfk/backend/commit/74d334f9b747a77115bd9b97729ef1120822e128)
+
+#### [v1.1.3](https://git.odit.services/lfk/backend/compare/v1.1.2...v1.1.3)
+
+> 10 May 2023
+
+- 🚀Bumped version to v1.1.3 [`057a8ee`](https://git.odit.services/lfk/backend/commit/057a8ee699d08c0e4a80cb50a8820f819569c9ac)
+- feat(orgs): Also resolve child-teams' distances and add them to org total [`8d94186`](https://git.odit.services/lfk/backend/commit/8d9418635d3e381c0f55a2521a3334ba497c169a)
+- fix(orgs): Removed unused log [`f2832a2`](https://git.odit.services/lfk/backend/commit/f2832a2daecc7bc7bbee4d4fceeab8db194730cf)
+
+#### [v1.1.2](https://git.odit.services/lfk/backend/compare/v1.1.1...v1.1.2)
+
+> 10 May 2023
+
+- 🚀Bumped version to v1.1.2 [`0d21596`](https://git.odit.services/lfk/backend/commit/0d21596e2b64a99258d4925ae2ad627d5cdbd984)
+- feat(groups): Resolve the total group distance on group get single (aka get org and get team) [`245827e`](https://git.odit.services/lfk/backend/commit/245827e9c659cf76183dc33ab253becc22ddf032)
+- chore(package): Formatting [`4608a36`](https://git.odit.services/lfk/backend/commit/4608a36df6b187520ca0c331b8dce615205257be)
+
+#### [v1.1.1](https://git.odit.services/lfk/backend/compare/v1.1.0...v1.1.1)
+
+> 19 April 2023
+
+- feat(donors): Resolve donations with donors via pagination [`12a9ae2`](https://git.odit.services/lfk/backend/commit/12a9ae24933117acb3ff9815a7d72abca5eea7a7)
+- 🚀Bumped version to v1.1.1 [`cb1305a`](https://git.odit.services/lfk/backend/commit/cb1305aa77c36aa9d7900f09e7413bc6d45f2c89)
+
+#### [v1.1.0](https://git.odit.services/lfk/backend/compare/v1.0.1...v1.1.0)
+
+> 19 April 2023
+
+- feat(stats): Added donation count and donor count to stats [`6f39ac4`](https://git.odit.services/lfk/backend/commit/6f39ac42dafc2a589bbb2256b0417f3e774ae174)
+- 🚀Bumped version to v1.1.0 [`b9fe9f1`](https://git.odit.services/lfk/backend/commit/b9fe9f1c24653b91255a6dbbdc32c30b1b411eeb)
+- Added average donation per distance to stats [`fe59e3a`](https://git.odit.services/lfk/backend/commit/fe59e3a557903cf555d4c50098e935c49ca1fac4)
+- Added hints [`b25b0db`](https://git.odit.services/lfk/backend/commit/b25b0db76071ef8d50cc60e950a399dc060a2a9f)
+- Added calls to controller [`6ee5328`](https://git.odit.services/lfk/backend/commit/6ee5328dbc404603d19db3a5173ae4def560a9c9)
+- Formatting [`42c23a5`](https://git.odit.services/lfk/backend/commit/42c23a5883dacda4e0147842d448b3ad35b197b1)
+
+#### [v1.0.1](https://git.odit.services/lfk/backend/compare/v1.0.0...v1.0.1)
+
+> 18 April 2023
+
+- fix(pagination) page=0 resulted in false thx JS [`fcee390`](https://git.odit.services/lfk/backend/commit/fcee3909f4c4664115cc7ecb94f30e0dd8e78ce0)
+- 🚀Bumped version to v1.0.1 [`301f334`](https://git.odit.services/lfk/backend/commit/301f33467489a8533bdac11fbd10efd1b791f5e3)
+
+### [v1.0.0](https://git.odit.services/lfk/backend/compare/v0.15.4...v1.0.0)
+
+> 18 April 2023
+
+- 🚀Bumped version to v1.0.0 [`f0e20e4`](https://git.odit.services/lfk/backend/commit/f0e20e413014fe446c97754d2765cdad92c2cc3b)
+- Merge pull request 'feature/205-pagination' (#206) from feature/205-pagination into dev [`80de188`](https://git.odit.services/lfk/backend/commit/80de188565523d642407612272432ef07672b890)
+- Added pagination for runner orgs [`538622a`](https://git.odit.services/lfk/backend/commit/538622aa1841e27256f304e15b4204c2f6d24d76)
+- RunnerTeam Pagination [`0fa663a`](https://git.odit.services/lfk/backend/commit/0fa663a34104d438dd8fc9ab02458fdf289329f8)
+- users pagination [`244da61`](https://git.odit.services/lfk/backend/commit/244da618926377f58bb12dbbd89b7bb39d84596e)
+- Track pagination [`2a72aea`](https://git.odit.services/lfk/backend/commit/2a72aea10ef940fbdd4a9e6137b22933fdec7734)
+- usergroup pagination [`513d7f6`](https://git.odit.services/lfk/backend/commit/513d7f6fbaebe39beab6ec95e6e42eb10c62296d)
+- statsclient pagination [`71ebce6`](https://git.odit.services/lfk/backend/commit/71ebce6f8eebf110bb973a53b91dd6a49e1def99)
+- scanstation pagination [`f60025b`](https://git.odit.services/lfk/backend/commit/f60025b6de79b0f5f89995bf59260194f5de9af0)
+- Get all pagination for permissions [`86a21db`](https://git.odit.services/lfk/backend/commit/86a21dbfa4b50d8e80c611ea6e3eabfc2b8ae365)
+- Pagination for group contacts [`1e9e24d`](https://git.odit.services/lfk/backend/commit/1e9e24d99d75ce6dc846ff662e62c886646ea974)
+- Added pagination for get all donors [`4493c0e`](https://git.odit.services/lfk/backend/commit/4493c0e3d9beebbf7f601b39e1a2579771b4d152)
+- Added pagination for donations [`f5d48fc`](https://git.odit.services/lfk/backend/commit/f5d48fc638080c9333efe474d86f131794c809af)
+- Added pagination for runnercards [`b35a2dd`](https://git.odit.services/lfk/backend/commit/b35a2dd2fab708253373b3326f11ab574be18371)
+- Added pagination for runners [`d873674`](https://git.odit.services/lfk/backend/commit/d873674819e6cb33cf89da4f8fdc30a0b41707e4)
+- Added pagination for get all scans [`37b2ac9`](https://git.odit.services/lfk/backend/commit/37b2ac974b2276efd13538c127ba5ddda2537fe3)
+- Updated test for attribute [`2f305e1`](https://git.odit.services/lfk/backend/commit/2f305e127c75e9e6ff8e9fc0cfc10cc3db44759d)
+- Formatting [`a28ffe0`](https://git.odit.services/lfk/backend/commit/a28ffe06e5f3f69e4af6fdf0c66c9a1dfda10cfa)
+
+#### [v0.15.4](https://git.odit.services/lfk/backend/compare/v0.15.3...v0.15.4)
+
+> 15 April 2023
+
+- Fixed possible null [`0f0c3c7`](https://git.odit.services/lfk/backend/commit/0f0c3c7214f357d991518aafd015ffc4d387ce59)
+- 🚀Bumped version to v0.15.4 [`81aed1d`](https://git.odit.services/lfk/backend/commit/81aed1de40166f4cefabdb478d7638017127b25c)
+
+#### [v0.15.3](https://git.odit.services/lfk/backend/compare/v0.15.2...v0.15.3)
+
+> 15 April 2023
+
+- Faster stats (not including donations) [`b2ac70e`](https://git.odit.services/lfk/backend/commit/b2ac70e0aec1064e54a5043a104e7892984b2338)
+- 🚀Bumped version to v0.15.3 [`3909ed3`](https://git.odit.services/lfk/backend/commit/3909ed34f739e9fee90828f16757c75da90bab0f)
+
+#### [v0.15.2](https://git.odit.services/lfk/backend/compare/v0.15.1...v0.15.2)
+
+> 15 April 2023
+
+- 🚀Bumped version to v0.15.2 [`5f17e7f`](https://git.odit.services/lfk/backend/commit/5f17e7f783a7e8e2efc8f7dbbf2c98bcd1d80240)
+- Don't resolve runner group and parten with get all card requests [`2d8f752`](https://git.odit.services/lfk/backend/commit/2d8f7528d98144832e7609f5aa6fac8de4723c4a)
+- Resolve groups again for card generation [`a5a56a2`](https://git.odit.services/lfk/backend/commit/a5a56a263a01dbd911a799ab57084166e17b80ac)
+
+#### [v0.15.1](https://git.odit.services/lfk/backend/compare/v0.15.0...v0.15.1)
+
+> 15 April 2023
+
+- 🚀Bumped version to v0.15.1 [`9581185`](https://git.odit.services/lfk/backend/commit/9581185b24039338e7f238ecdcc3881bb5203759)
+- Faster trackscan creation by only loading the latest scan [`e9914e3`](https://git.odit.services/lfk/backend/commit/e9914e317b7fd78863cfd8549bad65da9292b7ca)
+- Log batch time in mass scan script [`2905884`](https://git.odit.services/lfk/backend/commit/2905884c024d7f275b3ad2c2858a2f0911adb95b)
+- Dont load cards with get all runners request [`702070d`](https://git.odit.services/lfk/backend/commit/702070da669cc605b93e6f5b62d712c28f079dd0)
+
+#### [v0.15.0](https://git.odit.services/lfk/backend/compare/v0.14.6...v0.15.0)
+
+> 15 April 2023
+
+- Added test script for creating mass scans [`8007117`](https://git.odit.services/lfk/backend/commit/80071174342d87199fcbd981cd8c92300b0a51e4)
+- 🚀Bumped version to v0.15.0 [`cc89ba8`](https://git.odit.services/lfk/backend/commit/cc89ba8afb3120569613a889baf962555612e95a)
+- Get all scans speed improvement [`23fa78e`](https://git.odit.services/lfk/backend/commit/23fa78eb9dcc01ecc036347f6703aacc0d163d7d)
+- More scan request optimizations [`7c4ff42`](https://git.odit.services/lfk/backend/commit/7c4ff42a3b3e7b186e16c85a97d9ecc854a32cb0)
+
+#### [v0.14.6](https://git.odit.services/lfk/backend/compare/v0.14.5...v0.14.6)
+
+> 15 April 2023
+
+- 🚀Bumped version to v0.14.6 [`3b3e689`](https://git.odit.services/lfk/backend/commit/3b3e68900beca16cfff88dbef22540f77750d29b)
+- Missing orm file [`3ff666f`](https://git.odit.services/lfk/backend/commit/3ff666fd3e84ac8cf41b30e9e17082b10548d55b)
+
+#### [v0.14.5](https://git.odit.services/lfk/backend/compare/v0.14.4...v0.14.5)
+
+> 15 April 2023
+
+- 🚀Bumped version to v0.14.5 [`4e44350`](https://git.odit.services/lfk/backend/commit/4e4435010fd7095e3b9742e207cba1b68cd6da3b)
+- Entrypoint fix [`de9af5a`](https://git.odit.services/lfk/backend/commit/de9af5a90907dcfc9bfb1d5a56420eed8bb59922)
+- Fixed copy [`ac631f0`](https://git.odit.services/lfk/backend/commit/ac631f0af467446552478873b7b4802a9310f865)
+
+#### [v0.14.4](https://git.odit.services/lfk/backend/compare/v0.14.3...v0.14.4)
+
+> 15 April 2023
+
+- Switched ci over to pnpm + cache [`6275aaa`](https://git.odit.services/lfk/backend/commit/6275aaa326f1c02c8dd42aa31608978408c44ab7)
+- 🚀Bumped version to v0.14.4 [`6bbdd5b`](https://git.odit.services/lfk/backend/commit/6bbdd5bb04a1c38e4b3a150db24b76e9c96490dd)
+- Back to ean13 based codes [`a8fc755`](https://git.odit.services/lfk/backend/commit/a8fc7558408b97da4b2c469ae5e73ab502b4fda0)
+- install prod in first step [`d027439`](https://git.odit.services/lfk/backend/commit/d02743984dfea8057be3081bd3a32a8f67e610aa)
+- Switched dockerfile to pnpm 8 with cache [`93d43b7`](https://git.odit.services/lfk/backend/commit/93d43b76843d7cb411f37fd2066c6a5364c05415)
+- COPY by stage name [`a64f6c9`](https://git.odit.services/lfk/backend/commit/a64f6c9822af2b927e91b0b55f1f50176de30169)
+- pinned pnpm version [`2a94bfa`](https://git.odit.services/lfk/backend/commit/2a94bfa6227d14f635b5fc2789b59c36d490937e)
+- custom pnpm cache [`85dc344`](https://git.odit.services/lfk/backend/commit/85dc3444acc677ddd242f9f2543ce477fe427a7c)
+- added missing ci env [`734c826`](https://git.odit.services/lfk/backend/commit/734c826face58dd5c3bb2607bda6e7f6d051012e)
+- pinned pnpm to 8 [`27e74e8`](https://git.odit.services/lfk/backend/commit/27e74e824cd1e23d4d53c1a983a1668dd87f5d59)
+- coherent baseimage [`b5c0a28`](https://git.odit.services/lfk/backend/commit/b5c0a288ac3c020f5d753c558aee160fea0bae14)
+- bumped final pnpm version [`33b25c9`](https://git.odit.services/lfk/backend/commit/33b25c9743abb7cefb3538f08cc2f78a646905c8)
+
+#### [v0.14.3](https://git.odit.services/lfk/backend/compare/v0.14.2...v0.14.3)
+
+> 18 March 2023
+
+- 🚀Bumped version to v0.14.3 [`16ce0a8`](https://git.odit.services/lfk/backend/commit/16ce0a848050b74c4b6dd93f17e5a6e9024cdb7d)
+- Adjusted modulo for new fixed card length [`9a8d618`](https://git.odit.services/lfk/backend/commit/9a8d618ae4584640e8be1ce9fe4bddd2ef7a92ae)
+
+#### [v0.14.2](https://git.odit.services/lfk/backend/compare/v0.14.1...v0.14.2)
+
+> 18 March 2023
+
+- 🚀Bumped version to v0.14.2 [`38da2d3`](https://git.odit.services/lfk/backend/commit/38da2d33187f4b24eef878642e153663ecd95de1)
+- Back to modulo [`068deb4`](https://git.odit.services/lfk/backend/commit/068deb4960bd16decf99887ffbda7a7d3dd9ff0b)
+
+#### [v0.14.1](https://git.odit.services/lfk/backend/compare/v0.14.0...v0.14.1)
+
+> 18 March 2023
+
+- 🚀Bumped version to v0.14.1 [`13f093b`](https://git.odit.services/lfk/backend/commit/13f093bb6138a498f93a05ef6dd812ae92f2676a)
+- Switched from card prefix replacement via modulo to regex [`6289f30`](https://git.odit.services/lfk/backend/commit/6289f307400aacaa9cfe03f3024c1e0d5554d4f2)
+
+#### [v0.14.0](https://git.odit.services/lfk/backend/compare/v0.13.3...v0.14.0)
+
+> 15 March 2023
+
+- 🚀Bumped version to v0.14.0 [`6ff764b`](https://git.odit.services/lfk/backend/commit/6ff764bc340ca25b3bdd62c6892259e228723973)
+- Updated default length [`ea87cc7`](https://git.odit.services/lfk/backend/commit/ea87cc793b163bf0d4405a25bbe83fbc8e31c206)
+- breaking(runnercards): shorter runnercard codes (padding to 12 was a bit tooo ambitious) [`ffee887`](https://git.odit.services/lfk/backend/commit/ffee887ddf6a71102ee39533d7cd504d1fd6698f)
+- Removed sqlite journal [`92517e3`](https://git.odit.services/lfk/backend/commit/92517e365393f4baac3814f5668874b5752dc7c8)
+
+#### [v0.13.3](https://git.odit.services/lfk/backend/compare/v0.13.2...v0.13.3)
+
+> 15 February 2023
+
+- 🚀Bumped version to v0.13.3 [`3bac75e`](https://git.odit.services/lfk/backend/commit/3bac75e7ab9f16ecab1fbfa9915a7edb923883f6)
+- Merge pull request 'feature/201-no_citizen-deletion' (#202) from feature/201-no_citizen-deletion into dev [`d05eddc`](https://git.odit.services/lfk/backend/commit/d05eddcae198427ce9a334096563b3aadcff2b56)
+- Updated tests [`d5c689d`](https://git.odit.services/lfk/backend/commit/d5c689d6937288df7dca14ce26fbbd4f46a8752a)
+- Added delete check for citizen org [`8fedd4e`](https://git.odit.services/lfk/backend/commit/8fedd4ef3bdd48dc42abc1d53006eefc145175e3)
+
+#### [v0.13.2](https://git.odit.services/lfk/backend/compare/v0.13.1...v0.13.2)
+
+> 3 February 2023
+
+- 🚀Bumped version to v0.13.2 [`e8b2e6f`](https://git.odit.services/lfk/backend/commit/e8b2e6f26140a18c06b017e4461742d7e7942f08)
+- Merge pull request 'move selfservice magic link endpoint to 15min rate limit' (#200) from feature/runner-selfservice-login-link-rate-limit into dev [`39f3b0e`](https://git.odit.services/lfk/backend/commit/39f3b0e01f03bfbcfcb0ea08d697268ce068e63d)
+- move to 15min limit [`edaf255`](https://git.odit.services/lfk/backend/commit/edaf255e8f609185dcd6c2c0cd2e8b007b785e0c)
+- Merge pull request 'Releases 0.12.0 and 0.13.0' (#199) from dev into main [`41c4ed4`](https://git.odit.services/lfk/backend/commit/41c4ed4d0faaed382801bbe480f31dafa6f3912d)
+
+#### [v0.13.1](https://git.odit.services/lfk/backend/compare/v0.13.0...v0.13.1)
+
+> 2 February 2023
+
+- 🚀Bumped version to v0.13.1 [`f2bd88a`](https://git.odit.services/lfk/backend/commit/f2bd88aadfcb6ffa0485ea6afac8c7664a37f5f4)
+- Updated description [`67a3661`](https://git.odit.services/lfk/backend/commit/67a36614485b2ea83c2de41e0684708b95a05b32)
+
+#### [v0.13.0](https://git.odit.services/lfk/backend/compare/v0.12.0...v0.13.0)
+
+> 2 February 2023
+
+- Added faker for testing [`e184673`](https://git.odit.services/lfk/backend/commit/e1846739638905aab6ba7e059fd2cbf8ff467bf3)
+- 📖New license file version [CI SKIP] [skip ci] [`2b641fa`](https://git.odit.services/lfk/backend/commit/2b641faa29c47d95f69983770dc4ab37e674604f)
+- 🚀Bumped version to v0.13.0 [`0c763a2`](https://git.odit.services/lfk/backend/commit/0c763a2dfd39607b480d9aff7d3c883791f41700)
+- Updated selfservice tests to prevent email duplication [`9bc80aa`](https://git.odit.services/lfk/backend/commit/9bc80aac8aab9b4dedc26c9bc3ce705d7fe9c0bf)
+- Moved license and changelog export to releaseit hooks [`77c6303`](https://git.odit.services/lfk/backend/commit/77c6303014578edbbadeeaa790f7974bde2a9764)
+- Updated readme [`4cdba8b`](https://git.odit.services/lfk/backend/commit/4cdba8bc77ce543f6fb636711b8728bce794eac7)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`ae14d6c`](https://git.odit.services/lfk/backend/commit/ae14d6c74f9205440b41ca5fdbd052ca449148fc)
+- Added selfservice runner create check to prevent duplicate email [`68cd746`](https://git.odit.services/lfk/backend/commit/68cd746a9f3360b3630a9ba570213d2aa62497b4)
+- Updated tests for new login in selfservice [`39aa759`](https://git.odit.services/lfk/backend/commit/39aa7598b7cd0ecb0f077f50ebdd31c6e205f06d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`9fa8b93`](https://git.odit.services/lfk/backend/commit/9fa8b93c08ee52335b18e743f9d205b19e6095c6)
+- Moved changelog generation to package script [`a7297ff`](https://git.odit.services/lfk/backend/commit/a7297ff933ae1372a9d508cdae1a54d2ebbcc647)
+- Merge pull request 'feature/197-duplicate_runner_mail' (#198) from feature/197-duplicate_runner_mail into dev [`4b676bc`](https://git.odit.services/lfk/backend/commit/4b676bc85336c2d494e9e74823d38deec5cc0400)
+- Updated logo url [`4433ddb`](https://git.odit.services/lfk/backend/commit/4433ddb1e15a35481728670e22049200644bf337)
+- depends_on: ["clone"] [`9cc66ee`](https://git.odit.services/lfk/backend/commit/9cc66eebdfe8e7a2888bbc97197d1756ff44de30)
+- Fixed typo [`19a290c`](https://git.odit.services/lfk/backend/commit/19a290c3a931ead0d9ae9ebb0985bfbaac54df59)
+- Rename selfservice forgot to login [`69651d9`](https://git.odit.services/lfk/backend/commit/69651d9f6cd826b6d4720f164897a2a72a57c851)
+- 📖New license file version [CI SKIP] [skip ci] [`6fd246f`](https://git.odit.services/lfk/backend/commit/6fd246f43cb3f4d0ccb6e017ee699889ba17daac)
+- Add git for changelog fun [`2fa56b8`](https://git.odit.services/lfk/backend/commit/2fa56b82d1e082a1deae943e5fca5101f24e3ef5)
+
+#### [v0.12.0](https://git.odit.services/lfk/backend/compare/v0.11.1...v0.12.0)
+
+> 2 February 2023
+
+- Pinned versions [`a6d5693`](https://git.odit.services/lfk/backend/commit/a6d5693ccdeb25b15a09af8f7438142114268807)
+- Drone -> Kaniko based builds [`0e78951`](https://git.odit.services/lfk/backend/commit/0e789513008085d0db94fc3b2dd9e74a5e583049)
+- Drone images to odit registry [`6ad56b3`](https://git.odit.services/lfk/backend/commit/6ad56b31269bf19a740c1b6b1a303a8a9d7d59d0)
+- Bumped container base images [`d95c6d3`](https://git.odit.services/lfk/backend/commit/d95c6d33657f6aa977a8ebfefad7e199bb1cc9c3)
+- Enabled tag via release script [`9217421`](https://git.odit.services/lfk/backend/commit/92174212213f874e41c9472a927bcf87b963ac94)
+- Pinned pnpm for builds [`4570845`](https://git.odit.services/lfk/backend/commit/4570845b3e1bd00c228fe1b09b658c24e20aba7f)
+- 🚀Bumped version to v0.12.0 [`4c10e20`](https://git.odit.services/lfk/backend/commit/4c10e20b91a8101ee37b230373ceb3e024582b41)
+- Ignore pnpm lock [`1f2c8ab`](https://git.odit.services/lfk/backend/commit/1f2c8abb22f3ff1e61b7350b517bd699c3e315f6)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`31b258b`](https://git.odit.services/lfk/backend/commit/31b258b4ce82213144160a4233b7fd127e456776)
+
+#### [v0.11.1](https://git.odit.services/lfk/backend/compare/v0.11.0...v0.11.1)
+
+> 22 April 2021
+
+- Merge pull request 'Release 0.11.1' (#196) from dev into main [`f19f280`](https://git.odit.services/lfk/backend/commit/f19f2808d88414f1877c01f10996dac68b6f9617)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`2229cdf`](https://git.odit.services/lfk/backend/commit/2229cdf20db1a98f9f76a99fa9d3f463cdf6d804)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`348fe52`](https://git.odit.services/lfk/backend/commit/348fe52c42cfa32239b703041820f725e147154e)
+- Now prefixing runnercards with 2 [`8a82e05`](https://git.odit.services/lfk/backend/commit/8a82e059b74ceabf43c9cbfe9c9b89ef6ce15a28)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`3b9cd2e`](https://git.odit.services/lfk/backend/commit/3b9cd2e1bbbe8e69c3883233a98f286d768c2b79)
+- Added fix for the appended 2 [`eb526fb`](https://git.odit.services/lfk/backend/commit/eb526fb57faf631fd6e84af99af738ab1b3481c7)
+- 🚀Bumped version to v0.11.1 [`95320ca`](https://git.odit.services/lfk/backend/commit/95320ca1bccc2886553accea6a428aadffda0a27)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`f2d127f`](https://git.odit.services/lfk/backend/commit/f2d127fc98d75ce658424624abd382c087737ca0)
+
+#### [v0.11.0](https://git.odit.services/lfk/backend/compare/v0.10.2...v0.11.0)
+
+> 14 April 2021
+
+- Merge pull request 'Release 0.11.0' (#195) from dev into main [`3220b19`](https://git.odit.services/lfk/backend/commit/3220b194d4c704835d6d106ec4d9d54a17a38b62)
+- Fixed spelling [`da266a8`](https://git.odit.services/lfk/backend/commit/da266a8dd68dbb575997ae343624982b690486ec)
+- Updated tests [`01ed514`](https://git.odit.services/lfk/backend/commit/01ed51489eb92fff907d46a930ecf0b0eb5cad2b)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`520608a`](https://git.odit.services/lfk/backend/commit/520608aef05b21f4daadf55cfc8caddba06b8f01)
+- Added payedDonationAmount to donor and responsedonor [`8ae4b85`](https://git.odit.services/lfk/backend/commit/8ae4b8582749332f4fb081eee0c520293347001f)
+- Responses now contain the donation status [`34dbaaa`](https://git.odit.services/lfk/backend/commit/34dbaaafe0422234848eabe3f52b26879c9e5a49)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`278c4a6`](https://git.odit.services/lfk/backend/commit/278c4a6a415434487a92ff66f8114bb2547aac48)
+- Marked payedAmount as optional during creation and/or update [`0636616`](https://git.odit.services/lfk/backend/commit/0636616dad5afb41ffe47a857d91ac75b4f2f20a)
+- Added payed amount fileld to donation class [`b8fbb72`](https://git.odit.services/lfk/backend/commit/b8fbb72fa0b659c9acc406c72a8a59c2174351b4)
+- Added status to tests [`30c6d3d`](https://git.odit.services/lfk/backend/commit/30c6d3d8db9fe37a51e596a73add8b87e8616e54)
+- Added payed amount to response class [`d64f470`](https://git.odit.services/lfk/backend/commit/d64f470b608b3f179ec77da0210de51c328ef3f2)
+- 📖New license file version [CI SKIP] [skip ci] [`a2f0d81`](https://git.odit.services/lfk/backend/commit/a2f0d814fc782ad440500e7d6ec779b6ab7f0ac6)
+- 🚀Bumped version to v0.11.0 [`3558e99`](https://git.odit.services/lfk/backend/commit/3558e9909088647bd4f1f4334f50c07a5ef00214)
+- Merge pull request 'Donation payment management feature/193-donation_payments' (#194) from feature/193-donation_payments into dev [`6df5f63`](https://git.odit.services/lfk/backend/commit/6df5f634f3123e04c015889573ccc5674a8bab27)
+- Added payed amount to crealte classes [`71542bc`](https://git.odit.services/lfk/backend/commit/71542bc3887b97c15436d03280e49f7b3f0fcb06)
+- Added donation status enum [`b4c31ee`](https://git.odit.services/lfk/backend/commit/b4c31ee9b5b35d6e11b07f50f3d30ca12e0f7728)
+- Added payed amount to update classes [`9930742`](https://git.odit.services/lfk/backend/commit/99307423c533f8cde847b59a80bffc2ff42c9769)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`0c61ff4`](https://git.odit.services/lfk/backend/commit/0c61ff457d02f750efa457dd75464187683b037a)
+- Added mssing check to tests [`6c14ed9`](https://git.odit.services/lfk/backend/commit/6c14ed9c89eadc1a10db8c912d8ea2711a518766)
+- No longer answering with null, but 0 [`49b174f`](https://git.odit.services/lfk/backend/commit/49b174f29f63e963e600d74b6923a20211d832eb)
+- Saved missing file [`8fe3243`](https://git.odit.services/lfk/backend/commit/8fe32436935d7cd6c17eae1e138383d3b714e1ba)
+
+#### [v0.10.2](https://git.odit.services/lfk/backend/compare/v0.10.1...v0.10.2)
+
+> 7 April 2021
+
+- Merge pull request 'Release 0.10.2' (#192) from dev into main [`1d82f65`](https://git.odit.services/lfk/backend/commit/1d82f65b0d3a32d10c1a10c991353c18696d58bf)
+- Added first selfservice test [`057ae0d`](https://git.odit.services/lfk/backend/commit/057ae0d79758cd627d6d128406a0d201b6b7ad9b)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`b7ad5d3`](https://git.odit.services/lfk/backend/commit/b7ad5d3a31b8b4f5960852d3ac38af133719ebcd)
+- First try of the laptime sort [`4471e57`](https://git.odit.services/lfk/backend/commit/4471e57438582d55ff846fd69c2cfcc26b40df2a)
+- Potential fix for all remaining errors [`377d5da`](https://git.odit.services/lfk/backend/commit/377d5dadb2a14cb2d70e0b2dc77026f51b3fb51c)
+- At least one fewer test should fail now [`87f444c`](https://git.odit.services/lfk/backend/commit/87f444c30d69d65a9f918c63631a859a389eeee3)
+- Tried workaround for no availdable stats [`8f0f795`](https://git.odit.services/lfk/backend/commit/8f0f795a709db216396998b68b8bbd64ff4d44ff)
+- Reverted temp bugfix [`4603a84`](https://git.odit.services/lfk/backend/commit/4603a84f16fb53a14d1792447100f5b470969dd0)
+- Fixed sorting algo [`988f17a`](https://git.odit.services/lfk/backend/commit/988f17a795bb2d867e9d1d8e78051dff1a14ec30)
+- Added runners stats tests [`7111068`](https://git.odit.services/lfk/backend/commit/7111068361e00cc1308664a3ae650a56e28c015c)
+- Added basic laptime endpoint [`cb71fcd`](https://git.odit.services/lfk/backend/commit/cb71fcd13bc61e6214e2fd7b70e72094749463d3)
+- Added orgs by donations stats tests [`d4a02e7`](https://git.odit.services/lfk/backend/commit/d4a02e7db2ff4976be21605e31aac2f3c82a49c0)
+- Added teams stats endpoint tests [`b9a7dc8`](https://git.odit.services/lfk/backend/commit/b9a7dc84f05441445453193974b2a793b5197fa5)
+- Now resolving all missing relations [`257f320`](https://git.odit.services/lfk/backend/commit/257f320ee3bf6429c4314c64023520366f9f730b)
+- Added min laptime to StatsRunner [`51daf96`](https://git.odit.services/lfk/backend/commit/51daf969cf74792b2c2f2f16ce4359d9fca47bc8)
+- Fixed sorting [`7b15c2d`](https://git.odit.services/lfk/backend/commit/7b15c2d88b14e7279aad97b0c950202ddb5acaaa)
+- Fixed top-ten bein top 9 [`a6a526d`](https://git.odit.services/lfk/backend/commit/a6a526dc5d8b1613ea34e82e477081349e764aec)
+- added new ci secret [`5633e85`](https://git.odit.services/lfk/backend/commit/5633e85f41cb69b10fd8a86f57f1bd2f50848f7b)
+- Added temp console log for test [`22cae39`](https://git.odit.services/lfk/backend/commit/22cae39bd351ca285880e50187ea0d46a7a26437)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`610988e`](https://git.odit.services/lfk/backend/commit/610988ec16b8df61cca61cf2252a469d30318d81)
+- Added temp console log for ci debugging [`4a73eab`](https://git.odit.services/lfk/backend/commit/4a73eab134c3a9f58771be996bc8811b62cf378e)
+- Temp disabled runners by donations test [`0b07a53`](https://git.odit.services/lfk/backend/commit/0b07a53ed209c6193ead3c4d199545e22333ab32)
+- Updated default docker-compose [`f8baca5`](https://git.odit.services/lfk/backend/commit/f8baca5ab2c56b906751bc7edd71477456ad91f3)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`dd6d799`](https://git.odit.services/lfk/backend/commit/dd6d799c847fc96aec1be8f2667ad371890076fb)
+- Resolved missing parentgroup relation [`23bd432`](https://git.odit.services/lfk/backend/commit/23bd432c5f33a0863217120d97e2e4ea52a08baf)
+- Removed console logs for now working tests [`71b33ab`](https://git.odit.services/lfk/backend/commit/71b33ab05b53b62c8b271bd2995c94b2fc212dfd)
+- Fixed typo in test [`cbcb829`](https://git.odit.services/lfk/backend/commit/cbcb829fbde3a4a5e7f94de5dcf24d854c5fc257)
+- Ptotential fix for stats failing [`dcdbdd1`](https://git.odit.services/lfk/backend/commit/dcdbdd15acfe6eef4220b7ed66db60d78107d1f9)
+- 🚀Bumped version to v0.10.2 [`6e236ed`](https://git.odit.services/lfk/backend/commit/6e236ede145e164ee84543fb62404b4776550973)
+- Merge pull request 'stats/runners/laptime feature/190-runners_laptime' (#191) from feature/190-runners_laptime into dev [`a694ad2`](https://git.odit.services/lfk/backend/commit/a694ad225c68fa23152402acba871c857433cc70)
+- Removed all useless console.logs [`95e1eec`](https://git.odit.services/lfk/backend/commit/95e1eec313a79458dd75307a9d0f8319af0d0904)
+- Pinned testing container tag to prod container tag [`10221b9`](https://git.odit.services/lfk/backend/commit/10221b9f2e4493080f3ff095d9772bcfd0ac50eb)
+- Now resolving all relations for orgs by distance [`4a294b1`](https://git.odit.services/lfk/backend/commit/4a294b1e17c44294274b06748ec8141812c2d217)
+- Added temp console log [`720774f`](https://git.odit.services/lfk/backend/commit/720774fcf47c38601ab88d5d74cfcd0e47b21acf)
+- Removed console log for passing tests [`132b48c`](https://git.odit.services/lfk/backend/commit/132b48cf2a9e990a5e830c744ed8244bd25e8b3a)
+- Removed console log [`1d8c8c8`](https://git.odit.services/lfk/backend/commit/1d8c8c8e9cefa58449f7abb2481d9396fe37ba20)
+- Temp test logging workaround [`bf686e8`](https://git.odit.services/lfk/backend/commit/bf686e89e02998ccc80c838ef890c736c252634c)
+- Temp test logging workaround [`6163f0a`](https://git.odit.services/lfk/backend/commit/6163f0a90b3721d3a1488f89cbb39ddff7152241)
+- Removed test for content type [`63964fb`](https://git.odit.services/lfk/backend/commit/63964fbf2c41d9b90f995f056e9db65ab07d54a8)
+
+#### [v0.10.1](https://git.odit.services/lfk/backend/compare/v0.10.0...v0.10.1)
+
+> 3 April 2021
+
+- Merge pull request 'Release 0.10.1' (#189) from dev into main [`e89e07d`](https://git.odit.services/lfk/backend/commit/e89e07d0fc99f14148b01204fb8ed39e2da77e38)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`69afd4d`](https://git.odit.services/lfk/backend/commit/69afd4d5877401eb46df430f43a7feb273abda1e)
+- 🚀Bumped version to v0.10.1 [`24d152f`](https://git.odit.services/lfk/backend/commit/24d152fdc8fe17fffa2f2a718d7145ba8a91d79c)
+- New class: ResponseSelfServiceDonor [`d70c5b1`](https://git.odit.services/lfk/backend/commit/d70c5b1bbc9f02782f8755b6929e2d3458e10221)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`4279e43`](https://git.odit.services/lfk/backend/commit/4279e4374304887e8db40eab77763b20bbce91a1)
+- Removed duplicate openapi statement [`4834a66`](https://git.odit.services/lfk/backend/commit/4834a6698b0958602421c1478a95fec7edda910b)
+- Switched selfservice donation.donor from string to object [`0767943`](https://git.odit.services/lfk/backend/commit/0767943721b6964d542f580c541e744f86444ac6)
+- Adjusted runner property names [`ca87774`](https://git.odit.services/lfk/backend/commit/ca87774767807a2c4bc869b0de95cc73832a8405)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`71e3d0e`](https://git.odit.services/lfk/backend/commit/71e3d0efe2cbde47aea0f26cb5a8b5cd3312707d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c28843c`](https://git.odit.services/lfk/backend/commit/c28843c405dc4fd06a10f0fb85814acede15a769)
+- Merge pull request 'Selfservice donations reformatting feature/187-selfservice_donation' (#188) from feature/187-selfservice_donation into dev [`d837654`](https://git.odit.services/lfk/backend/commit/d837654617f7de5d055ffb06c65e2cd52f65c604)
+- Added new responsetype for new class [`f693f2c`](https://git.odit.services/lfk/backend/commit/f693f2cde9a04147155aea4de5d52e1d19d722ca)
+
+#### [v0.10.0](https://git.odit.services/lfk/backend/compare/v0.9.2...v0.10.0)
+
+> 1 April 2021
+
+- Merge pull request 'Release 0.10.0' (#186) from dev into main [`b517dff`](https://git.odit.services/lfk/backend/commit/b517dff8a82c960836d9f0be90fd89f3ba2fae7d)
+- 🚀Bumped version to v0.10.0 [`dc3071f`](https://git.odit.services/lfk/backend/commit/dc3071f7d2be298f0bb02d86ec67ed1125cd3b49)
+- Added locale to mail related runner endpoints [`7af883f`](https://git.odit.services/lfk/backend/commit/7af883f27198206af542bcaff4686221d3788e87)
+- Added locale to mail related runner endpoints [`f543307`](https://git.odit.services/lfk/backend/commit/f5433076b01c743ed9af085fccadb8f1edc26419)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`5fb355f`](https://git.odit.services/lfk/backend/commit/5fb355f450f19e96d3671b1a46e94d564495942b)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`114c246`](https://git.odit.services/lfk/backend/commit/114c246aceba566cc0dd6daab51a77b951b031cc)
+- Merge pull request 'Mail locales feature/184-mail_locales' (#185) from feature/184-mail_locales into dev [`33c13de`](https://git.odit.services/lfk/backend/commit/33c13de32c68a3d9e87e4fd9ad12a815ed8c9fde)
+- Added locale to mail related user endpoints [`1be073a`](https://git.odit.services/lfk/backend/commit/1be073a4fa39f0332a46f567ee6af10a9137844c)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`6aafe4a`](https://git.odit.services/lfk/backend/commit/6aafe4a6ae7d253ab39220e551c52ae067cc481a)
+
+#### [v0.9.2](https://git.odit.services/lfk/backend/compare/v0.9.1...v0.9.2)
+
+> 29 March 2021
+
+- Merge pull request 'Release 0.9.2' (#183) from dev into main [`bdeeb03`](https://git.odit.services/lfk/backend/commit/bdeeb036459c2a2131e843d8a5a6b338e0ba46ea)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`675c876`](https://git.odit.services/lfk/backend/commit/675c8762e8e4cf28d2f334d5ab2e1cb6b594e33c)
+- Fixed bug in return creation [`6c9b91d`](https://git.odit.services/lfk/backend/commit/6c9b91d75a0d08fc4ab0e72c7a09bd0133566368)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`8c00aef`](https://git.odit.services/lfk/backend/commit/8c00aefd6ce3723d9f83d1c94e6491d5d597391f)
+- 🚀Bumped version to v0.9.2 [`89e3924`](https://git.odit.services/lfk/backend/commit/89e392473c52a3f328545699a0f4df89be33ba89)
+
+#### [v0.9.1](https://git.odit.services/lfk/backend/compare/v0.9.0...v0.9.1)
+
+> 29 March 2021
+
+- Merge pull request 'Release v0.9.1' (#182) from dev into main [`3afd785`](https://git.odit.services/lfk/backend/commit/3afd785a54fac91c12af789af19b45e6124e0e39)
+- 🚀Bumped version to v0.9.1 [`a139554`](https://git.odit.services/lfk/backend/commit/a139554e059e9a10acb1733ce1a82b610cc99269)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`8099999`](https://git.odit.services/lfk/backend/commit/8099999e2cdfc8046f9ff4a90681281b671e402d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`0290b0e`](https://git.odit.services/lfk/backend/commit/0290b0e5f531364d37d8157e639614cf5a6b4189)
+- Merge pull request 'Return cards generated in bulk feature/180-blank_generation_return' (#181) from feature/180-blank_generation_return into dev [`0f7fa99`](https://git.odit.services/lfk/backend/commit/0f7fa990d473ce2dce032c47c39f79c1d0e8df90)
+- Added query param to return created runenrcards [`5a36c8d`](https://git.odit.services/lfk/backend/commit/5a36c8dcae3d79b3b05ffb30a7ebb0d31dc8183a)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`58f4d21`](https://git.odit.services/lfk/backend/commit/58f4d2151f459bc72692cc70e02a59b77abfb9f0)
+- Added test for returnCards=true array length [`1cb2dc9`](https://git.odit.services/lfk/backend/commit/1cb2dc9d53b530435f5798f9cdf7ee866eb7416e)
+- Added test for single card generation with returnCards=true [`6005b06`](https://git.odit.services/lfk/backend/commit/6005b0661f1d5c461bb102e243cc209a8adc21fa)
+- Fixed copy-paste oversight [`2f568c9`](https://git.odit.services/lfk/backend/commit/2f568c9cb8ae39ce40ec8df6d9acbaf0d5ae1a26)
+
+#### [v0.9.0](https://git.odit.services/lfk/backend/compare/v0.8.0...v0.9.0)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.9.0' (#179) from dev into main [`95135dd`](https://git.odit.services/lfk/backend/commit/95135ddc893dcf64be67b47b0ef2b0d9041253bd)
+- Reenabled user tests [`4c66650`](https://git.odit.services/lfk/backend/commit/4c6665062fe6717242e43b58e66c1f1d030c018d)
+- Moved to tmp files to better check for other problems [`7a64f23`](https://git.odit.services/lfk/backend/commit/7a64f2393783f97a9729356bc1dfd831927dd312)
+- Added user creation invalid tests [`888cab5`](https://git.odit.services/lfk/backend/commit/888cab5898caf9e552c421346934bf90f717a653)
+- Updated auth test to comply with the new pw requirements [`63f6526`](https://git.odit.services/lfk/backend/commit/63f6526e4f59621edbf1fad59fc569b4bd6acbf2)
+- Added user deletion tests [`e6a8ebc`](https://git.odit.services/lfk/backend/commit/e6a8ebcb5b4f430254da4afe159141b21d8da0ed)
+- Added user creation valid tests [`383a809`](https://git.odit.services/lfk/backend/commit/383a8095b8286d51fb2fb24ae2fd0156230e56ab)
+- 📖New license file version [CI SKIP] [skip ci] [`bd7b81e`](https://git.odit.services/lfk/backend/commit/bd7b81efe795c02512c87f3b5dd5eec796580144)
+- Added password errors [`24c38cc`](https://git.odit.services/lfk/backend/commit/24c38cce26da41ccf375e1ccf04afa1868aad8df)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`274a146`](https://git.odit.services/lfk/backend/commit/274a146b9bccfe5e1a879ca137ebb4f51eaa5d57)
+- Fixed test params [`070560e`](https://git.odit.services/lfk/backend/commit/070560e8632e833dd26505c02ccb2474462b63ac)
+- No longer using createuser in seeding process [`96ba25e`](https://git.odit.services/lfk/backend/commit/96ba25ec6c6c397cd2aa322afa79024395f658fe)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a7fe1e1`](https://git.odit.services/lfk/backend/commit/a7fe1e175918edd7a98983ece570b47075e85e9a)
+- 🚀Bumped version to v0.8.0 [`c23b4d9`](https://git.odit.services/lfk/backend/commit/c23b4d907f20ed7af37a6de6ea4c61433e30b29b)
+- 🚀Bumped version to v0.9.0 [`56a5f41`](https://git.odit.services/lfk/backend/commit/56a5f4168621263daeab5d2fda97b944cdc6ab31)
+- Merge pull request 'Password security feature/99-password_checks' (#177) from feature/99-password_checks into dev [`5a3fc5b`](https://git.odit.services/lfk/backend/commit/5a3fc5b2bd06b3e26177d017d3503f4f627be3f2)
+- Added pw errors to user controller [`b24e24f`](https://git.odit.services/lfk/backend/commit/b24e24ff7dd75d972cdab0fd1e2fe6c532ca2b2f)
+- Now checking password rules on user creation [`5daaa3a`](https://git.odit.services/lfk/backend/commit/5daaa3a73c4eca2817d67e226679d125928a3645)
+- Now checking password rules on user update [`48a87e8`](https://git.odit.services/lfk/backend/commit/48a87e8936e13c48f4baa3f4b10f781ad2f55a44)
+- Fixed pw not getting hashed currectly; [`cb3ea9b`](https://git.odit.services/lfk/backend/commit/cb3ea9b1ebb82c650abd83d4be8629cfe29a5b21)
+- Added pw errors to me controller [`9ce35d8`](https://git.odit.services/lfk/backend/commit/9ce35d8eb78a01f40af8c70e640eca3bcb142304)
+- Now forceing user deletion in tests [`8154e71`](https://git.odit.services/lfk/backend/commit/8154e715bbf18938bd5d1031656a88d39231fa81)
+- Added password checker dependency [`bd00f4f`](https://git.odit.services/lfk/backend/commit/bd00f4f8d585fb6878874810f7de0b8b9f3950d5)
+- Fixed empty object getting called [`5369000`](https://git.odit.services/lfk/backend/commit/536900091afd7366128f21058490d0d4f15c6c89)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`03d76e6`](https://git.odit.services/lfk/backend/commit/03d76e6d0bc5b4655f7f441232681c9462815526)
+- Formatting [`b8c28eb`](https://git.odit.services/lfk/backend/commit/b8c28ebb0808395218b5fb9031f477ae1d48e65e)
+
+#### [v0.8.0](https://git.odit.services/lfk/backend/compare/v0.7.1...v0.8.0)
+
+> 26 March 2021
+
+- Merge pull request 'Release 0.8.0' (#176) from dev into main [`3f8e8ce`](https://git.odit.services/lfk/backend/commit/3f8e8ce3a66a943801c0c8e17885e71feeee744f)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`c9bd6de`](https://git.odit.services/lfk/backend/commit/c9bd6de4762fec04e1e02cd3b667838d05ef39a7)
 - Merge pull request 'Selfservice deletion feature/174-selfservice_deletion' (#175) from feature/174-selfservice_deletion into dev [`e702118`](https://git.odit.services/lfk/backend/commit/e702118d4d80e362e41bb88c74343d50530d1338)
 - Added tests for the new endpoint [`20aeed8`](https://git.odit.services/lfk/backend/commit/20aeed87780247dc6401bba725801fc1874e50b5)
 - Removed param from test [`97159dd`](https://git.odit.services/lfk/backend/commit/97159dd9f81aed080c174a3eb8da9e66dfea9b10)

Dockerfile

@@ -1,16 +1,23 @@
 # Typescript Build
-FROM node:14.15.1-alpine3.12
+FROM registry.odit.services/hub/oven/bun:1.3.9-alpine AS build
 WORKDIR /app
-COPY package.json ./
-RUN npm i -g pnpm
-RUN pnpm i
-COPY tsconfig.json ormconfig.js ./
+
+COPY package.json bun.lockb* ./
+RUN bun install --frozen-lockfile
+
+COPY tsconfig.json ormconfig.js bunfig.toml ./
 COPY src ./src
-RUN pnpm run build
+RUN bun run build \
+    && rm -rf /app/node_modules \
+    && bun install --production --frozen-lockfile
+
 # final image
-FROM node:14.15.1-alpine3.12
-COPY package.json ormconfig.js ./
-RUN npm i -g pnpm
-RUN pnpm i --prod
-COPY --from=0 /app/dist dist
-ENTRYPOINT ["node", "dist/app.js"]
+FROM registry.odit.services/hub/oven/bun:1.3.9-alpine AS final
+WORKDIR /app
+COPY --from=build /app/package.json /app/package.json
+COPY --from=build /app/bun.lockb* /app/
+COPY --from=build /app/ormconfig.js /app/ormconfig.js
+COPY --from=build /app/bunfig.toml /app/bunfig.toml
+COPY --from=build /app/dist /app/dist
+COPY --from=build /app/node_modules /app/node_modules
+ENTRYPOINT ["bun", "/app/dist/app.js"]

PERFORMANCE_IDEAS.md

@@ -0,0 +1,589 @@
+# Performance Optimization Ideas for LfK Backend
+
+This document outlines potential performance improvements for the LfK backend API, organized by impact and complexity.
+
+---
+
+## ✅ Already Implemented
+
+### 1. Bun Runtime Migration
+**Status**: Complete  
+**Impact**: 8-15% latency improvement  
+**Details**: Migrated from Node.js to Bun runtime, achieving:
+- Parallel throughput: +8.3% (306 → 331 scans/sec)
+- Parallel p50 latency: -9.5% (21ms → 19ms)
+
+### 2. NATS KV Cache for Scan Intake
+**Status**: Complete (based on code analysis)  
+**Impact**: Significant reduction in DB reads for hot path  
+**Details**: `ScanController.stationIntake()` uses NATS JetStream KV store to cache:
+- Station tokens (1-hour TTL)
+- Card→Runner mappings (1-hour TTL)
+- Runner state (no TTL, CAS-based updates)
+- Eliminates DB reads on cache hits
+- Prevents race conditions via compare-and-swap (CAS)
+
+---
+
+## 🚀 High Impact, Low-Medium Complexity
+
+### 3. Add Database Indexes
+**Priority**: HIGH  
+**Complexity**: Low  
+**Estimated Impact**: 30-70% query time reduction
+
+**Problem**: TypeORM synchronize() doesn't automatically create indexes on foreign keys or commonly queried fields.
+
+**Observations**:
+- Heavy use of `find()` with complex nested relations (e.g., `['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track']`)
+- No explicit `@Index()` decorators found in entity files
+- Frequent filtering by foreign keys (runner_id, track_id, station_id, card_id)
+
+**Recommended Indexes**:
+
+```typescript
+// src/models/entities/Scan.ts
+@Index(['runner', 'timestamp'])  // For runner scan history queries
+@Index(['station', 'timestamp'])  // For station-based queries
+@Index(['card'])                  // For card lookup
+
+// src/models/entities/Runner.ts
+@Index(['email'])                 // For authentication/lookup
+@Index(['group'])                 // For group-based queries
+
+// src/models/entities/RunnerCard.ts
+@Index(['runner'])                // For card→runner lookups
+@Index(['code'])                  // For barcode scans
+
+// src/models/entities/Donation.ts
+@Index(['runner'])                // For runner donations
+@Index(['donor'])                 // For donor contributions
+```
+
+**Implementation Steps**:
+1. Audit all entities and add `@Index()` decorators
+2. Test query performance with `EXPLAIN` before/after
+3. Monitor index usage with database tools
+4. Consider composite indexes for frequently combined filters
+
+**Expected Results**:
+- 50-70% faster JOIN operations
+- 30-50% faster foreign key lookups
+- Reduced database CPU usage
+
+---
+
+### 4. Implement Query Result Caching
+**Priority**: HIGH  
+**Complexity**: Medium  
+**Estimated Impact**: 50-90% latency reduction for repeated queries
+
+**Problem**: Stats endpoints and frequently accessed data (org totals, team rankings, runner lists) are recalculated on every request.
+
+**Observations**:
+- `StatsController` methods load entire datasets with deep relations:
+  - `getRunnerStats()`: loads all runners with scans, groups, donations
+  - `getTeamStats()`: loads all teams with nested runner data
+  - `getOrgStats()`: loads all orgs with teams, runners, scans
+- Many `find()` calls without any caching layer
+- Data changes infrequently (only during scan intake)
+
+**Solution Options**:
+
+**Option A: NATS KV Cache (Recommended)**
+```typescript
+// src/nats/StatsKV.ts
+export async function getOrgStatsCache(): Promise<ResponseOrgStats[] | null> {
+    const kv = await NatsClient.getKV('stats_cache', { ttl: 60 * 1000 }); // 60s TTL
+    const entry = await kv.get('org_stats');
+    return entry ? JSON.parse(entry.string()) : null;
+}
+
+export async function setOrgStatsCache(stats: ResponseOrgStats[]): Promise<void> {
+    const kv = await NatsClient.getKV('stats_cache', { ttl: 60 * 1000 });
+    await kv.put('org_stats', JSON.stringify(stats));
+}
+
+// Invalidate on scan creation
+// src/controllers/ScanController.ts (after line 173)
+await invalidateStatsCache(); // Clear stats on new scan
+```
+
+**Option B: In-Memory Cache with TTL**
+```typescript
+// src/cache/MemoryCache.ts
+import NodeCache from 'node-cache';
+
+const cache = new NodeCache({ stdTTL: 60 }); // 60s TTL
+
+export function getCached<T>(key: string): T | undefined {
+    return cache.get<T>(key);
+}
+
+export function setCached<T>(key: string, value: T, ttl?: number): void {
+    cache.set(key, value, ttl);
+}
+
+export function invalidatePattern(pattern: string): void {
+    const keys = cache.keys().filter(k => k.includes(pattern));
+    cache.del(keys);
+}
+```
+
+**Option C: Redis Cache** (if Redis is already in stack)
+
+**Recommended Cache Strategy**:
+- **TTL**: 30-60 seconds for stats endpoints
+- **Invalidation**: On scan creation, runner updates, donation changes
+- **Keys**: `stats:org`, `stats:team:${id}`, `stats:runner:${id}`
+- **Warm on startup**: Pre-populate cache for critical endpoints
+
+**Expected Results**:
+- 80-90% latency reduction for stats endpoints (from ~500ms to ~50ms)
+- 70-80% reduction in database load
+- Improved user experience for dashboards and leaderboards
+
+---
+
+### 5. Lazy Load Relations & DTOs
+**Priority**: HIGH  
+**Complexity**: Medium  
+**Estimated Impact**: 40-60% query time reduction
+
+**Problem**: Many queries eagerly load deeply nested relations that aren't always needed.
+
+**Observations**:
+```typescript
+// Current: Loads everything
+scan = await this.scanRepository.findOne(
+    { id: scan.id }, 
+    { relations: ['runner', 'track', 'runner.scans', 'runner.group', 
+                  'runner.scans.track', 'card', 'station'] }
+);
+```
+
+**Solutions**:
+
+**A. Create Lightweight Response DTOs**
+```typescript
+// src/models/responses/ResponseScanLight.ts
+export class ResponseScanLight {
+    @IsInt() id: number;
+    @IsInt() distance: number;
+    @IsInt() timestamp: number;
+    @IsBoolean() valid: boolean;
+    // Omit nested runner.scans, runner.group, etc.
+}
+
+// Use for list views
+@Get()
+@ResponseSchema(ResponseScanLight, { isArray: true })
+async getAll() {
+    const scans = await this.scanRepository.find({ 
+        relations: ['runner', 'track'] // Minimal relations
+    });
+    return scans.map(s => new ResponseScanLight(s));
+}
+
+// Keep detailed DTO for single-item views
+@Get('/:id')
+@ResponseSchema(ResponseScan) // Full details
+async getOne(@Param('id') id: number) { ... }
+```
+
+**B. Use Query Builder for Selective Loading**
+```typescript
+// Instead of loading all scans with runner relations:
+const scans = await this.scanRepository
+    .createQueryBuilder('scan')
+    .leftJoinAndSelect('scan.runner', 'runner')
+    .leftJoinAndSelect('scan.track', 'track')
+    .select([
+        'scan.id', 'scan.distance', 'scan.timestamp', 'scan.valid',
+        'runner.id', 'runner.firstname', 'runner.lastname',
+        'track.id', 'track.name'
+    ])
+    .where('scan.id = :id', { id })
+    .getOne();
+```
+
+**C. Implement GraphQL-style Field Selection**
+```typescript
+@Get()
+async getAll(@QueryParam('fields') fields?: string) {
+    const relations = [];
+    if (fields?.includes('runner')) relations.push('runner');
+    if (fields?.includes('track')) relations.push('track');
+    return this.scanRepository.find({ relations });
+}
+```
+
+**Expected Results**:
+- 40-60% faster list queries
+- 50-70% reduction in data transfer size
+- Reduced JOIN complexity and memory usage
+
+---
+
+### 6. Pagination Optimization
+**Priority**: MEDIUM  
+**Complexity**: Low  
+**Estimated Impact**: 20-40% improvement for large result sets
+
+**Problem**: Current pagination uses `skip/take` which becomes slow with large offsets.
+
+**Current Implementation**:
+```typescript
+// Inefficient for large page numbers (e.g., page=1000)
+scans = await this.scanRepository.find({ 
+    skip: page * page_size,  // Scans 100,000 rows to skip them
+    take: page_size 
+});
+```
+
+**Solutions**:
+
+**A. Cursor-Based Pagination (Recommended)**
+```typescript
+@Get()
+async getAll(
+    @QueryParam('cursor') cursor?: number,  // Last ID from previous page
+    @QueryParam('page_size') page_size: number = 100
+) {
+    const query = this.scanRepository.createQueryBuilder('scan')
+        .orderBy('scan.id', 'ASC')
+        .take(page_size + 1); // Get 1 extra to determine if more pages exist
+    
+    if (cursor) {
+        query.where('scan.id > :cursor', { cursor });
+    }
+    
+    const scans = await query.getMany();
+    const hasMore = scans.length > page_size;
+    const results = scans.slice(0, page_size);
+    const nextCursor = hasMore ? results[results.length - 1].id : null;
+    
+    return {
+        data: results.map(s => s.toResponse()),
+        pagination: { nextCursor, hasMore }
+    };
+}
+```
+
+**B. Add Total Count Caching**
+```typescript
+// Cache total counts to avoid expensive COUNT(*) queries
+const totalCache = new Map<string, { count: number, expires: number }>();
+
+async function getTotalCount(repo: Repository<any>): Promise<number> {
+    const cacheKey = repo.metadata.tableName;
+    const cached = totalCache.get(cacheKey);
+    
+    if (cached && cached.expires > Date.now()) {
+        return cached.count;
+    }
+    
+    const count = await repo.count();
+    totalCache.set(cacheKey, { count, expires: Date.now() + 60000 }); // 60s TTL
+    return count;
+}
+```
+
+**Expected Results**:
+- 60-80% faster pagination for large page numbers
+- Consistent query performance regardless of offset
+- Better mobile app experience with cursor-based loading
+
+---
+
+## 🔧 Medium Impact, Medium Complexity
+
+### 7. Database Connection Pooling Optimization
+**Priority**: MEDIUM  
+**Complexity**: Medium  
+**Estimated Impact**: 10-20% improvement under load
+
+**Current**: Default TypeORM connection pooling (likely 10 connections)
+
+**Recommendations**:
+```typescript
+// ormconfig.js
+module.exports = {
+    // ... existing config
+    extra: {
+        // PostgreSQL specific
+        max: 20,                    // Max pool size (adjust based on load)
+        min: 5,                     // Min pool size
+        idleTimeoutMillis: 30000,   // Close idle connections after 30s
+        connectionTimeoutMillis: 2000,
+        
+        // MySQL specific
+        connectionLimit: 20,
+        waitForConnections: true,
+        queueLimit: 0
+    },
+    
+    // Enable query logging in dev to identify slow queries
+    logging: process.env.NODE_ENV !== 'production' ? ['query', 'error'] : ['error'],
+    maxQueryExecutionTime: 1000, // Log queries taking >1s
+};
+```
+
+**Monitor**:
+- Connection pool exhaustion
+- Query execution times
+- Active connection count
+
+---
+
+### 8. Bulk Operations for Import
+**Priority**: MEDIUM  
+**Complexity**: Medium  
+**Estimated Impact**: 50-80% faster imports
+
+**Problem**: Import endpoints likely save entities one-by-one in loops.
+
+**Solution**:
+```typescript
+// Instead of:
+for (const runnerData of importData) {
+    const runner = await createRunner.toEntity();
+    await this.runnerRepository.save(runner); // N queries
+}
+
+// Use bulk insert:
+const runners = await Promise.all(
+    importData.map(data => createRunner.toEntity())
+);
+await this.runnerRepository.save(runners); // 1 query
+
+// Or use raw query for massive imports:
+await getConnection()
+    .createQueryBuilder()
+    .insert()
+    .into(Runner)
+    .values(runners)
+    .execute();
+```
+
+---
+
+### 9. Response Compression
+**Priority**: MEDIUM  
+**Complexity**: Low  
+**Estimated Impact**: 60-80% reduction in response size
+
+**Implementation**:
+```typescript
+// src/app.ts
+import compression from 'compression';
+
+const app = createExpressServer({ ... });
+app.use(compression({
+    level: 6,           // Compression level (1-9)
+    threshold: 1024,    // Only compress responses >1KB
+    filter: (req, res) => {
+        if (req.headers['x-no-compression']) return false;
+        return compression.filter(req, res);
+    }
+}));
+```
+
+**Benefits**:
+- 70-80% smaller JSON responses
+- Faster transfer times on slow networks
+- Reduced bandwidth costs
+
+**Dependencies**: `bun add compression @types/compression`
+
+---
+
+## 🎯 Lower Priority / High Complexity
+
+### 10. Implement Read Replicas
+**Priority**: LOW (requires infrastructure)  
+**Complexity**: High  
+**Estimated Impact**: 30-50% read query improvement
+
+**When to Consider**:
+- Database CPU consistently >70%
+- Read-heavy workload (already true for stats endpoints)
+- Running PostgreSQL/MySQL in production
+
+**Implementation**:
+```typescript
+// ormconfig.js
+module.exports = {
+    type: 'postgres',
+    replication: {
+        master: {
+            host: process.env.DB_WRITE_HOST,
+            port: 5432,
+            username: process.env.DB_USER,
+            password: process.env.DB_PASSWORD,
+            database: process.env.DB_NAME,
+        },
+        slaves: [
+            {
+                host: process.env.DB_READ_REPLICA_1,
+                port: 5432,
+                username: process.env.DB_USER,
+                password: process.env.DB_PASSWORD,
+                database: process.env.DB_NAME,
+            }
+        ]
+    }
+};
+```
+
+---
+
+### 11. Move to Serverless/Edge Functions
+**Priority**: LOW (architectural change)  
+**Complexity**: Very High  
+**Estimated Impact**: Variable (depends on workload)
+
+**Considerations**:
+- Good for: Infrequent workloads, global distribution
+- Bad for: High-frequency scan intake (cold starts)
+- May conflict with TypeORM's connection model
+
+---
+
+### 12. GraphQL API Layer
+**Priority**: LOW (major refactor)  
+**Complexity**: Very High  
+**Estimated Impact**: 30-50% for complex queries
+
+**Benefits**:
+- Clients request only needed fields
+- Single request for complex nested data
+- Better mobile app performance
+
+**Trade-offs**:
+- Complete rewrite of controller layer
+- Learning curve for frontend teams
+- More complex caching strategy
+
+---
+
+## 📊 Recommended Implementation Order
+
+**Phase 1: Quick Wins** (1-2 weeks)
+1. Add database indexes → Controllers still work, immediate improvement
+2. Enable response compression → One-line change in `app.ts`
+3. Implement cursor-based pagination → Better mobile UX
+
+**Phase 2: Caching Layer** (2-3 weeks)
+4. Add NATS KV cache for stats endpoints
+5. Create lightweight response DTOs for list views
+6. Cache total counts for pagination
+
+**Phase 3: Query Optimization** (2-3 weeks)
+7. Refactor controllers to use query builder with selective loading
+8. Optimize database connection pooling
+9. Implement bulk operations for imports
+
+**Phase 4: Infrastructure** (ongoing)
+10. Monitor query performance and add more indexes as needed
+11. Consider read replicas when database becomes bottleneck
+
+---
+
+## 🔍 Performance Monitoring Recommendations
+
+### Add Metrics Endpoint
+```typescript
+// src/controllers/MetricsController.ts
+import { performance } from 'perf_hooks';
+
+const requestMetrics = {
+    totalRequests: 0,
+    avgLatency: 0,
+    p95Latency: 0,
+    dbQueryCount: 0,
+    cacheHitRate: 0,
+};
+
+@JsonController('/metrics')
+export class MetricsController {
+    @Get()
+    @Authorized('ADMIN') // Restrict to admins
+    async getMetrics() {
+        return requestMetrics;
+    }
+}
+```
+
+### Enable Query Logging
+```typescript
+// ormconfig.js
+logging: ['query', 'error'],
+maxQueryExecutionTime: 1000, // Warn on queries >1s
+```
+
+### Add Request Timing Middleware
+```typescript
+// src/middlewares/TimingMiddleware.ts
+export function timingMiddleware(req: Request, res: Response, next: NextFunction) {
+    const start = performance.now();
+    
+    res.on('finish', () => {
+        const duration = performance.now() - start;
+        if (duration > 1000) {
+            consola.warn(`Slow request: ${req.method} ${req.path} took ${duration}ms`);
+        }
+    });
+    
+    next();
+}
+```
+
+---
+
+## 📝 Performance Testing Commands
+
+```bash
+# Run baseline benchmark
+bun run benchmark > baseline.txt
+
+# After implementing changes, compare
+bun run benchmark > optimized.txt
+diff baseline.txt optimized.txt
+
+# Load testing with artillery (if added)
+artillery quick --count 100 --num 10 http://localhost:4010/api/runners
+
+# Database query profiling (PostgreSQL)
+EXPLAIN ANALYZE SELECT * FROM scan WHERE runner_id = 1;
+
+# Check database indexes
+SELECT * FROM pg_indexes WHERE tablename = 'scan';
+
+# Monitor NATS cache hit rate
+# (Add custom logging in NATS KV functions)
+```
+
+---
+
+## 🎓 Key Principles
+
+1. **Measure first**: Always benchmark before and after changes
+2. **Start with indexes**: Biggest impact, lowest risk
+3. **Cache strategically**: Stats endpoints benefit most
+4. **Lazy load by default**: Only eager load when absolutely needed
+5. **Monitor in production**: Use APM tools (New Relic, DataDog, etc.)
+
+---
+
+## 📚 Additional Resources
+
+- [TypeORM Performance Tips](https://typeorm.io/performance)
+- [PostgreSQL Index Best Practices](https://www.postgresql.org/docs/current/indexes.html)
+- [Bun Performance Benchmarks](https://bun.sh/docs/runtime/performance)
+- [NATS JetStream KV Guide](https://docs.nats.io/nats-concepts/jetstream/key-value-store)
+
+---
+
+**Last Updated**: 2026-02-20  
+**Status**: Ready for review and prioritization

README.md

@@ -2,72 +2,119 @@
 
 Backend Server
 
-## Quickstart 🐳
-> Use this to run the backend with a postgresql db in docker
+## Prerequisites
 
-1. Clone the repo or copy the docker-compose 
-2. Run in toe folder that contains the docker-compose file: `docker-compose up -d`
+This project uses **Bun** as the runtime and package manager. Install Bun first:
+
+```bash
+# macOS/Linux
+curl -fsSL https://bun.sh/install | bash
+
+# Windows
+powershell -c "irm bun.sh/install.ps1 | iex"
+```
+
+Or visit [bun.sh](https://bun.sh) for other installation methods.
+
+## Quickstart 🐳
+> Use this to run the backend with a PostgreSQL db in Docker
+
+1. Clone the repo or copy the docker-compose
+2. Run in the folder that contains the docker-compose file: `docker-compose up -d`
 3. Visit http://127.0.0.1:4010/api/docs to check if the server is running
 4. You can now use the default admin user (`demo:demo`)
 
 ## Dev Setup 🛠
-> Local dev setup utilizing sqlite3 as the database.
+> Local dev setup utilizing SQLite3 as the database and NATS for caching.
 
-1. Rename the .env.example file to .env (you can adjust app port and other settings, if needed)
-2. Install Dependencies
-   ```bash
-   yarn
-   ```
-3. Start the server
-   ```bash
-   yarn dev
-   ```
+1. Rename the `.env.example` file to `.env` (you can adjust app port and other settings if needed)
+2. Start NATS (required for KV cache):
+```bash
+docker-compose up -d nats
+```
+3. Install dependencies:
+```bash
+bun install
+```
+4. Start the server:
+```bash
+bun run dev
+```
+
+**Note**: Bun cannot run TypeScript source files directly due to circular TypeORM dependencies. The `dev` script automatically builds and runs the compiled output. For hot-reload during development, you may need to rebuild manually after code changes.
 
 ### Run Tests
 ```bash
-# Run tests once (server has to run)
-yarn test
+# Run tests once (server has to be running)
+bun test
 
 # Run test in watch mode (reruns on change)
-yarn test:watch
+bun run test:watch
 
-# Run test in ci mode (automaticly starts the dev server)
-yarn test:ci
+# Run test in CI mode (automatically starts the dev server)
+bun run test:ci
 ```
 
-### Use your own mail templates
-> You use your own mail templates by replacing the default ones we provided (either in-code or by mounting them into the /app/static/mail_templates folder).
+### Run Benchmarks
+```bash
+# Start the server first
+bun run dev
 
-The mail templates always come in a .html and a .txt variant to provide compatability with legacy mail clients.
-Currently the following templates exist:
-* pw-reset.(html/txt)
+# In another terminal:
+bun run benchmark
+```
 
 ### Generate Docs
 ```bash
-yarn docs
+bun run docs
+```
+
+### Other Commands
+```bash
+# Build for production
+bun run build
+
+# Start production server
+bun start
+
+# Seed database with test data
+bun run seed
+
+# Export OpenAPI spec
+bun run openapi:export
+
+# Generate license report
+bun run licenses:export
+
+# Generate changelog
+bun run changelog:export
 ```
 
 ## ENV Vars
 > You can provide them via .env file or docker env vars.
-> You can use the `test:ci:generate_env` package script to generate a example env (uses bs data as test server and ignores the errors).
+> You can use the `test:ci:generate_env` package script to generate an example env (uses placeholder data for test server and ignores the errors).
 
-| Name | Type | Default | Description
-| - | - | - | -
-| APP_PORT | Number | 4010 | The port the backend server listens on. Is optional.
-| DB_TYPE | String | N/A | The type of the db u want to use. It has to be supported by typeorm. Possible: `sqlite`, `mysql`, `postgresql`
-| DB_HOST | String | N/A | The db's host's ip-address/fqdn or file path for sqlite
-| DB_PORT | String | N/A | The db's port
-| DB_USER | String | N/A | The user for accessing the db
-| DB_PASSWORD | String | N/A | The user's password for accessing the db
-| DB_NAME | String | N/A | The db's name
-| NODE_ENV | String | dev | The apps env - influences debug info. Also when the env is set to "test", mailing errors get ignored.
-| POSTALCODE_COUNTRYCODE | String/CountryCode | N/A | The countrycode used to validate address's postal codes
-| PHONE_COUNTRYCODE | String/CountryCode | null (international) | The countrycode used to validate phone numers
-| SEED_TEST_DATA | Boolean | False | If you want the app to seed some example data set this to true
-| MAILER_URL | String(Url) | N/A | The mailer's base url (no trailing slash)
-| MAILER_KEY | String | N/A | The mailer's api key.
-| IMPRINT_URL | String(Url) | /imprint | The link to a imprint page for the system (Defaults to the frontend's imprint)
-| PRIVACY_URL | String(Url) | /privacy | The link to a privacy page for the system (Defaults to the frontend's privacy page)
+| Name                      | Type               | Default                    | Description                                                                                                      |
+| ------------------------- | ------------------ | -------------------------- | ---------------------------------------------------------------------------------------------------------------- |
+| APP_PORT                  | Number             | 4010                       | The port the backend server listens on. Is optional.                                                            |
+| DB_TYPE                   | String             | N/A                        | The type of the db you want to use. Supported by TypeORM. Possible: `sqlite`, `mysql`, `postgresql`              |
+| DB_HOST                   | String             | N/A                        | The db's host IP address/FQDN or file path for sqlite                                                           |
+| DB_PORT                   | String             | N/A                        | The db's port                                                                                                    |
+| DB_USER                   | String             | N/A                        | The user for accessing the db                                                                                    |
+| DB_PASSWORD               | String             | N/A                        | The user's password for accessing the db                                                                         |
+| DB_NAME                   | String             | N/A                        | The db's name                                                                                                    |
+| NODE_ENV                  | String             | dev                        | The app's env - influences debug info. When set to "test", mailing errors get ignored.                          |
+| POSTALCODE_COUNTRYCODE    | String/CountryCode | N/A                        | The country code used to validate address postal codes                                                           |
+| PHONE_COUNTRYCODE         | String/CountryCode | null (international)       | The country code used to validate phone numbers                                                                  |
+| SEED_TEST_DATA            | Boolean            | false                      | If you want the app to seed example data, set this to true                                                       |
+| STATION_TOKEN_SECRET      | String             | N/A                        | Secret key for HMAC-SHA256 station token generation (min 32 chars). **Required.**                               |
+| NATS_URL                  | String(URL)        | nats://localhost:4222      | NATS server connection URL for KV cache                                                                          |
+| NATS_PREWARM              | Boolean            | false                      | Preload all runner state into NATS cache at startup (eliminates DB reads on first scan)                         |
+| MAILER_URL                | String(URL)        | N/A                        | The mailer's base URL (no trailing slash)                                                                       |
+| MAILER_KEY                | String             | N/A                        | The mailer's API key                                                                                             |
+| SELFSERVICE_URL           | String(URL)        | N/A                        | The link to selfservice (no trailing slash)                                                                      |
+| IMPRINT_URL               | String(URL)        | /imprint                   | The link to an imprint page for the system (defaults to the frontend's imprint)                                 |
+| PRIVACY_URL               | String(URL)        | /privacy                   | The link to a privacy page for the system (defaults to the frontend's privacy page)                             |
 
 
 ## Recommended Editor
@@ -85,10 +132,10 @@ yarn docs
    * A new release tag automaticly triggers the release ci pipeline
 * main: Protected "release" branch
    * The latest tag of the docker image get's build from this
-   * New releases get created as tags from this   
 * dev: Current dev branch for merging the different feature branches and bugfixes
+   * New releases get created as tags from this   
    * The dev tag of the docker image get's build from this
    * Only push minor changes to this branch!
    * To merge a feature branch into this please create a pull request
-* feature/xyz: Feature branches - nameing scheme: `feature/issueid-title`
-* bugfix/xyz: Branches for bugfixes - nameing scheme:`bugfix/issueid-title`
+* feature/xyz: Feature branches - naming scheme: `feature/issueid-title`
+* bugfix/xyz: Branches for bugfixes - naming scheme:`bugfix/issueid-title`

bunfig.toml

@@ -0,0 +1,6 @@
+# Bun configuration
+# See: https://bun.sh/docs/runtime/bunfig
+
+[runtime]
+# Enable Node.js compatibility mode
+bun = true

docker-compose.yml

@@ -1,18 +1,30 @@
-version: "3"
 services:
-  backend_server:
-    build: .
+  nats:
+    image: mirror.gcr.io/library/nats:alpine
+    command: ["--jetstream", "--store_dir", "/data"]
     ports:
-      - 4010:4010
-    environment:
-      APP_PORT: 4010
-      DB_TYPE: sqlite
-      DB_HOST: bla
-      DB_PORT: bla
-      DB_USER: bla
-      DB_PASSWORD: bla
-      DB_NAME: dev.sqlite
-      NODE_ENV: production
+      - "4222:4222"
+      - "8222:8222"
+    volumes:
+      - nats_data:/data
+
+  # backend_server:
+  #   build: .
+  #   ports:
+  #     - 4010:4010
+  #   environment:
+  #     APP_PORT: 4010
+  #     DB_TYPE: sqlite
+  #     DB_HOST: bla
+  #     DB_PORT: bla
+  #     DB_USER: bla
+  #     DB_PASSWORD: bla
+  #     DB_NAME: ./db.sqlite
+  #     NODE_ENV: production
+  #     POSTALCODE_COUNTRYCODE: DE
+  #     SEED_TEST_DATA: "true"
+  #     MAILER_URL: https://dev.lauf-fuer-kaya.de/mailer
+  #     MAILER_KEY: asdasd
       # APP_PORT: 4010
       # DB_TYPE: postgres
       # DB_HOST: backend_db
@@ -29,3 +41,6 @@ services:
   #     POSTGRES_USER: lfk
   #   ports:
   #     - 5432:5432
+
+volumes:
+  nats_data:

licenses.md

@@ -27,36 +27,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
-# argon2
-**Author**: Ranieri Althoff <ranisalt+argon2@gmail.com>
-**Repo**: [object Object]
-**License**: MIT
-**Description**: An Argon2 library for Node
-## License Text
-The MIT License (MIT)
-
-Copyright (c) 2015 Ranieri Althoff
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
- 
-
 # axios
 **Author**: Matt Zabriskie
 **Repo**: [object Object]
@@ -115,6 +85,35 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  
 
+# check-password-strength
+**Author**: deanilvincent
+**Repo**: [object Object]
+**License**: MIT
+**Description**: A NPM Password strength checker based from Javascript RegExp. Check passphrase if it's "Weak", "Medium" or "Strong"
+## License Text
+MIT License
+
+Copyright (c) 2020 Mark Deanil Vicente
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # class-transformer
 **Author**: [object Object]
 **Repo**: [object Object]
@@ -288,37 +287,6 @@ The above copyright notice and this permission notice shall be included in all c
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  
 
-# dotenv
-**Author**: undefined
-**Repo**: [object Object]
-**License**: BSD-2-Clause
-**Description**: Loads environment variables from .env file
-## License Text
-Copyright (c) 2015, Scott Motte
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- 
-
 # express
 **Author**: TJ Holowaychuk <tj@vision-media.ca>
 **Repo**: expressjs/express
@@ -415,6 +383,234 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 **License**: MIT
 **Description**: A node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed.
 ## License Text
+Copyright (c) 2012 Felix Geisendörfer (felix@debuggable.com) and contributors
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+ 
+
+# nats
+**Author**: [object Object]
+**Repo**: [object Object]
+**License**: Apache-2.0
+**Description**: Node.js client for NATS, a lightweight, high-performance cloud native messaging system
+## License Text
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2013-2018 The NATS Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
  
 
 # pg
@@ -622,23 +818,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
-# uuid
-**Author**: undefined
-**Repo**: [object Object]
-**License**: MIT
-**Description**: RFC4122 (v1, v4, and v5) UUIDs
-## License Text
-The MIT License (MIT)
-
-Copyright (c) 2010-2020 Robert Kieffer and other contributors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- 
-
 # validator
 **Author**: Chris O'Hara <cohara87@gmail.com>
 **Repo**: [object Object]
@@ -667,6 +846,75 @@ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  
 
+# @faker-js/faker
+**Author**: undefined
+**Repo**: [object Object]
+**License**: MIT
+**Description**: Generate massive amounts of fake contextual data
+## License Text
+Faker - Copyright (c) 2022
+
+This software consists of voluntary contributions made by many individuals.
+For exact contribution history, see the revision history
+available at https://github.com/faker-js/faker
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+===
+
+From: https://github.com/faker-js/faker/commit/a9f98046c7d5eeaabe12fc587024c06d683800b8
+To: https://github.com/faker-js/faker/commit/29234378807c4141588861f69421bf20b5ac635e
+
+Based on faker.js, copyright Marak Squires and contributor, what follows below is the original license.
+
+===
+
+faker.js - Copyright (c) 2020
+Marak Squires
+http://github.com/marak/faker.js/
+
+faker.js was inspired by and has used data definitions from:
+
+ * https://github.com/stympy/faker/ - Copyright (c) 2007-2010 Benjamin Curtis
+ * http://search.cpan.org/~jasonk/Data-Faker-0.07/ - Copyright 2004-2005 by Jason Kohles
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ 
+
 # @odit/license-exporter
 **Author**: ODIT.Services
 **Repo**: [object Object]
@@ -756,7 +1004,7 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 **Author**: undefined
 **Repo**: [object Object]
 **License**: MIT
-**Description**: TypeScript definitions for Express
+**Description**: TypeScript definitions for express
 ## License Text
     MIT License
 
@@ -785,7 +1033,7 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 **Author**: undefined
 **Repo**: [object Object]
 **License**: MIT
-**Description**: TypeScript definitions for Jest
+**Description**: TypeScript definitions for jest
 ## License Text
     MIT License
 
@@ -843,7 +1091,7 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 **Author**: undefined
 **Repo**: [object Object]
 **License**: MIT
-**Description**: TypeScript definitions for Node.js
+**Description**: TypeScript definitions for node
 ## License Text
     MIT License
 
@@ -868,33 +1116,33 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
     SOFTWARE
  
 
-# @types/uuid
-**Author**: undefined
+# auto-changelog
+**Author**: Pete Cook <pete@cookpete.com> (https://github.com/cookpete)
 **Repo**: [object Object]
 **License**: MIT
-**Description**: TypeScript definitions for uuid
+**Description**: Command line tool for generating a changelog from git tags and commit history
 ## License Text
-    MIT License
+The MIT License
 
-    Copyright (c) Microsoft Corporation.
+Copyright (c) 2017 Pete Cook https://cookpete.com
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
  
 
 # cp-cli
@@ -955,35 +1203,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
-# nodemon
-**Author**: [object Object]
-**Repo**: [object Object]
-**License**: MIT
-**Description**: Simple monitor script for use during development of a node.js app.
-## License Text
-MIT License
-
-Copyright (c) 2010 - present, Remy Sharp, https://remysharp.com <remy@remysharp.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
- 
-
 # release-it
 **Author**: [object Object]
 **Repo**: [object Object]
@@ -1015,25 +1234,65 @@ SOFTWARE.
 
 # rimraf
 **Author**: Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)
-**Repo**: git://github.com/isaacs/rimraf.git
-**License**: ISC
+**Repo**: git@github.com:isaacs/rimraf.git
+**License**: BlueOak-1.0.0
 **Description**: A deep deletion module for node (like `rm -rf`)
 ## License Text
-The ISC License
+# Blue Oak Model License
 
-Copyright (c) Isaac Z. Schlueter and Contributors
+Version 1.0.0
 
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
+## Purpose
 
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+This license gives everyone as much permission to work with
+this software as possible, while protecting contributors
+from liability.
+
+## Acceptance
+
+In order to receive this license, you must agree to its
+rules.  The rules of this license are both obligations
+under that agreement and conditions to your license.
+You must not do anything with this software that triggers
+a rule that you cannot or will not follow.
+
+## Copyright
+
+Each contributor licenses you to do everything with this
+software that would otherwise infringe that contributor's
+copyright in it.
+
+## Notices
+
+You must ensure that everyone who gets a copy of
+any part of this software from you, with or without
+changes, also gets the text of this license or a link to
+<https://blueoakcouncil.org/license/1.0.0>.
+
+## Excuse
+
+If anyone notifies you in writing that you have not
+complied with [Notices](#notices), you can keep your
+license by taking all practical steps to comply within 30
+days after the notice.  If you do not do so, your license
+ends immediately.
+
+## Patent
+
+Each contributor licenses you to do everything with this
+software that would otherwise infringe any patent claims
+they can license or become able to license.
+
+## Reliability
+
+No contributor can revoke this license.
+
+## No Liability
+
+***As far as the law allows, this software comes as is,
+without any warranty or condition, and no contributor
+will be liable to anyone for any damages related to this
+software or this license, under any kind of legal claim.***
  
 
 # start-server-and-test
@@ -1073,35 +1332,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
-# ts-node
-**Author**: [object Object]
-**Repo**: [object Object]
-**License**: MIT
-**Description**: TypeScript execution environment and REPL for node.js, with source map support
-## License Text
-The MIT License (MIT)
-
-Copyright (c) 2014 Blake Embrey (hello@blakeembrey.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
- 
-
 # typedoc
 **Author**: undefined
 **Repo**: [object Object]

ormconfig.js

@@ -1,7 +1,3 @@
-const dotenv = require('dotenv');
-dotenv.config();
-//
-const SOURCE_PATH = process.env.NODE_ENV === 'production' ? 'dist' : 'src';
 module.exports = {
 	type: process.env.DB_TYPE,
 	host: process.env.DB_HOST,
@@ -9,8 +5,7 @@ module.exports = {
 	username: process.env.DB_USER,
 	password: process.env.DB_PASSWORD,
 	database: process.env.DB_NAME,
-	// entities: ["src/**/entities/*.ts"],
-	entities: [ `${SOURCE_PATH}/**/entities/*{.ts,.js}` ],
-	seeds: [ `${SOURCE_PATH}/**/seeds/*{.ts,.js}` ]
-	// seeds: ['src/seeds/*.ts'],
+	// Run directly from TypeScript source (Bun workflow)
+	entities: ["src/models/entities/**/*.ts"],
+	seeds: ["src/seeds/**/*.ts"]
 };

package.json

@@ -1,105 +1,105 @@
-{
-  "name": "@odit/lfk-backend",
-  "version": "0.7.1",
-  "main": "src/app.ts",
-  "repository": "https://git.odit.services/lfk/backend",
-  "author": {
-    "name": "ODIT.Services",
-    "email": "info@odit.services",
-    "url": "https://odit.services"
-  },
-  "contributors": [
-    {
-      "name": "Philipp Dormann",
-      "email": "philipp@philippdormann.de",
-      "url": "https://philippdormann.de"
-    },
-    {
-      "name": "Nicolai Ort",
-      "email": "info@nicolai-ort.com",
-      "url": "https://nicolai-ort.com"
-    }
-  ],
-  "license": "CC-BY-NC-SA-4.0",
-  "dependencies": {
-    "@odit/class-validator-jsonschema": "2.1.1",
-    "argon2": "^0.27.1",
-    "axios": "^0.21.1",
-    "body-parser": "^1.19.0",
-    "class-transformer": "0.3.1",
-    "class-validator": "^0.13.1",
-    "consola": "^2.15.0",
-    "cookie": "^0.4.1",
-    "cookie-parser": "^1.4.5",
-    "cors": "^2.8.5",
-    "csvtojson": "^2.0.10",
-    "dotenv": "^8.2.0",
-    "express": "^4.17.1",
-    "jsonwebtoken": "^8.5.1",
-    "libphonenumber-js": "^1.9.9",
-    "mysql": "^2.18.1",
-    "pg": "^8.5.1",
-    "reflect-metadata": "^0.1.13",
-    "routing-controllers": "0.9.0-alpha.6",
-    "routing-controllers-openapi": "^2.2.0",
-    "sqlite3": "5.0.0",
-    "typeorm": "^0.2.30",
-    "typeorm-routing-controllers-extensions": "^0.2.0",
-    "typeorm-seeding": "^1.6.1",
-    "uuid": "^8.3.2",
-    "validator": "^13.5.2"
-  },
-  "devDependencies": {
-    "@odit/license-exporter": "^0.0.9",
-    "@types/cors": "^2.8.9",
-    "@types/csvtojson": "^1.1.5",
-    "@types/express": "^4.17.11",
-    "@types/jest": "^26.0.20",
-    "@types/jsonwebtoken": "^8.5.0",
-    "@types/node": "^14.14.22",
-    "@types/uuid": "^8.3.0",
-    "cp-cli": "^2.0.0",
-    "jest": "^26.6.3",
-    "nodemon": "^2.0.7",
-    "release-it": "^14.2.2",
-    "rimraf": "^3.0.2",
-    "start-server-and-test": "^1.11.7",
-    "ts-jest": "^26.5.0",
-    "ts-node": "^9.1.1",
-    "typedoc": "^0.20.19",
-    "typescript": "^4.1.3"
-  },
-  "scripts": {
-    "dev": "nodemon src/app.ts",
-    "build": "rimraf ./dist && tsc && cp-cli ./src/static ./dist/static",
-    "docs": "typedoc --out docs src",
-    "test": "jest",
-    "test:watch": "jest --watchAll",
-    "test:ci:generate_env": "ts-node scripts/create_testenv.ts",
-    "test:ci:run": "start-server-and-test dev http://localhost:4010/api/docs/openapi.json test",
-    "test:ci": "npm run test:ci:generate_env && npm run test:ci:run",
-    "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
-    "openapi:export": "ts-node scripts/openapi_export.ts",
-    "licenses:export": "license-exporter --markdown",
-    "release": "release-it --only-version"
-  },
-  "release-it": {
-    "git": {
-      "commit": true,
-      "requireCleanWorkingDir": false,
-      "commitMessage": "🚀Bumped version to v${version}",
-      "requireBranch": "dev",
-      "push": false,
-      "tag": false
-    },
-    "npm": {
-      "publish": false
-    }
-  },
-  "nodemonConfig": {
-    "ignore": [
-      "src/tests/*",
-      "docs/*"
-    ]
-  }
-}
+{
+  "name": "@odit/lfk-backend",
+  "version": "1.8.0",
+  "main": "src/app.ts",
+  "repository": "https://git.odit.services/lfk/backend",
+  "author": {
+    "name": "ODIT.Services",
+    "email": "info@odit.services",
+    "url": "https://odit.services"
+  },
+  "contributors": [
+    {
+      "name": "Philipp Dormann",
+      "email": "philipp@philippdormann.de",
+      "url": "https://philippdormann.de"
+    },
+    {
+      "name": "Nicolai Ort",
+      "email": "info@nicolai-ort.com",
+      "url": "https://nicolai-ort.com"
+    }
+  ],
+  "license": "CC-BY-NC-SA-4.0",
+  "dependencies": {
+    "@odit/class-validator-jsonschema": "2.1.1",
+    "axios": "0.21.1",
+    "body-parser": "1.19.0",
+    "check-password-strength": "2.0.2",
+    "class-transformer": "0.3.1",
+    "class-validator": "0.13.0",
+    "consola": "2.15.0",
+    "cookie": "0.4.1",
+    "cookie-parser": "1.4.5",
+    "cors": "2.8.5",
+    "csvtojson": "2.0.10",
+    "express": "4.17.1",
+    "jsonwebtoken": "8.5.1",
+    "libphonenumber-js": "1.9.9",
+    "mysql": "2.18.1",
+    "nats": "^2.29.3",
+    "pg": "8.5.1",
+    "reflect-metadata": "0.1.13",
+    "routing-controllers": "0.9.0-alpha.6",
+    "routing-controllers-openapi": "2.2.0",
+    "sqlite3": "5.1.7",
+    "typeorm": "0.2.30",
+    "typeorm-routing-controllers-extensions": "0.2.0",
+    "typeorm-seeding": "1.6.1",
+    "validator": "13.5.2"
+  },
+  "devDependencies": {
+    "@faker-js/faker": "7.6.0",
+    "@odit/license-exporter": "0.0.9",
+    "@types/cors": "2.8.19",
+    "@types/csvtojson": "1.1.5",
+    "@types/express": "5.0.6",
+    "@types/jest": "30.0.0",
+    "@types/jsonwebtoken": "9.0.10",
+    "@types/node": "25.3.0",
+    "auto-changelog": "2.4.0",
+    "cp-cli": "2.0.0",
+    "jest": "26.6.3",
+    "release-it": "14.2.2",
+    "rimraf": "^6.1.3",
+    "start-server-and-test": "1.11.7",
+    "ts-jest": "26.5.0",
+    "typedoc": "0.20.19",
+    "typescript": "5.9.3"
+  },
+  "scripts": {
+    "dev": "bun --watch src/app.ts",
+    "start": "bun src/app.ts",
+    "build": "rimraf ./dist && tsc && cp-cli ./src/static ./dist/static",
+    "docs": "typedoc --out docs src",
+    "test": "jest",
+    "test:watch": "jest --watchAll",
+    "test:ci:generate_env": "bun scripts/create_testenv.ts",
+    "test:ci:run": "start-server-and-test dev http://localhost:4010/api/docs/openapi.json test",
+    "test:ci": "bun run test:ci:generate_env && bun run test:ci:run",
+    "benchmark": "bun scripts/benchmark_scan_intake.ts",
+    "seed": "bun ./node_modules/typeorm/cli.js schema:sync && bun ./node_modules/typeorm-seeding/dist/cli.js seed",
+    "openapi:export": "bun scripts/openapi_export.ts",
+    "licenses:export": "license-exporter --markdown",
+    "changelog:export": "auto-changelog --commit-limit false -p -u --hide-credit",
+    "release": "release-it --only-version"
+  },
+  "release-it": {
+    "git": {
+      "commit": true,
+      "requireCleanWorkingDir": false,
+      "commitMessage": "chore(release): ${version}",
+      "requireBranch": "dev",
+      "push": true,
+      "tag": true,
+      "tagName": "${version}",
+      "tagAnnotation": "${version}"
+    },
+    "npm": {
+      "publish": false
+    },
+    "hooks": {
+      "after:bump": "bun run changelog:export && bun run licenses:export && git add CHANGELOG.md && git add licenses.md"
+    }
+  }
+}

pnpm-workspace.yaml

@@ -0,0 +1,2 @@
+onlyBuiltDependencies:
+  - sqlite3

scripts/benchmark_scan_intake.ts

@@ -0,0 +1,367 @@
+/**
+ * Scan Intake Benchmark Script
+ *
+ * Measures TrackScan creation performance before and after each optimisation phase.
+ * Run against a live dev server: bun run dev
+ *
+ * Usage:
+ *   bun run benchmark
+ *   bun scripts/benchmark_scan_intake.ts --base http://localhost:4010
+ *
+ * What it measures:
+ *   1. Single sequential scans      — baseline latency per request (p50/p95/p99/max)
+ *   2. Parallel scans (10 stations) — simulates 10 concurrent stations each submitting
+ *                                     one scan at a time at the expected event rate
+ *                                     (~1 scan/3s per station = ~3.3 scans/s total)
+ *
+ * The script self-provisions all required data (org, runners, cards, track, stations)
+ * and cleans up after itself. It authenticates via the station token, matching the
+ * real production auth path exactly.
+ *
+ * Output is printed to stdout in a copy-paste-friendly table format so results can
+ * be compared across phases.
+ */
+
+import axios, { AxiosInstance } from 'axios';
+
+// ---------------------------------------------------------------------------
+// Config
+// ---------------------------------------------------------------------------
+
+const BASE = (() => {
+    const idx = process.argv.indexOf('--base');
+    return idx !== -1 ? process.argv[idx + 1] : 'http://localhost:4010';
+})();
+
+const API = `${BASE}/api`;
+
+// Number of simulated scan stations
+const STATION_COUNT = 10;
+
+// Sequential benchmark: total number of scans to send, one at a time
+const SEQUENTIAL_SCAN_COUNT = 50;
+
+// Parallel benchmark: number of rounds. Each round fires STATION_COUNT scans concurrently.
+// 20 rounds × 10 stations = 200 total scans, matching the expected event throughput pattern.
+const PARALLEL_ROUNDS = 20;
+
+// Minimum lap time on the test track (seconds). Set low so most scans are valid.
+// The benchmark measures submission speed, not business logic.
+const TRACK_MINIMUM_LAP_TIME = 1;
+
+// Track distance (metres)
+const TRACK_DISTANCE = 400;
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+interface StationHandle {
+    id: number;
+    key: string;         // cleartext token, used as Bearer token
+    cardCode: number;    // EAN-13 barcode of the card assigned to this station's runner
+    axiosInstance: AxiosInstance;
+}
+
+interface Percentiles {
+    p50: number;
+    p95: number;
+    p99: number;
+    max: number;
+    min: number;
+    mean: number;
+}
+
+interface BenchmarkResult {
+    label: string;
+    totalScans: number;
+    totalTimeMs: number;
+    scansPerSecond: number;
+    latencies: Percentiles;
+    errors: number;
+}
+
+// ---------------------------------------------------------------------------
+// HTTP helpers
+// ---------------------------------------------------------------------------
+
+const adminClient = axios.create({
+    baseURL: API,
+    validateStatus: () => true,
+});
+
+async function adminLogin(): Promise<string> {
+    const res = await adminClient.post('/auth/login', { username: 'demo', password: 'demo' });
+    if (res.status !== 200) {
+        throw new Error(`Login failed: ${res.status} ${JSON.stringify(res.data)}`);
+    }
+    return res.data.access_token;
+}
+
+function authedClient(token: string): AxiosInstance {
+    return axios.create({
+        baseURL: API,
+        validateStatus: () => true,
+        headers: { authorization: `Bearer ${token}` },
+    });
+}
+
+// ---------------------------------------------------------------------------
+// Data provisioning
+// ---------------------------------------------------------------------------
+
+async function provision(adminToken: string): Promise<{
+    stations: StationHandle[];
+    trackId: number;
+    orgId: number;
+    cleanup: () => Promise<void>;
+}> {
+    const client = authedClient(adminToken);
+    const createdIds: { type: string; id: number }[] = [];
+
+    const create = async (path: string, body: object): Promise<any> => {
+        const res = await client.post(path, body);
+        if (res.status !== 200) {
+            throw new Error(`POST ${path} failed: ${res.status} ${JSON.stringify(res.data)}`);
+        }
+        return res.data;
+    };
+
+    process.stdout.write('Provisioning test data... ');
+
+    // Organisation
+    const org = await create('/organizations', { name: 'benchmark-org' });
+    createdIds.push({ type: 'organizations', id: org.id });
+
+    // Track with a low minimumLapTime so re-scans within the benchmark are mostly valid
+    const track = await create('/tracks', {
+        name: 'benchmark-track',
+        distance: TRACK_DISTANCE,
+        minimumLapTime: TRACK_MINIMUM_LAP_TIME,
+    });
+    createdIds.push({ type: 'tracks', id: track.id });
+
+    // One runner + card + station per simulated scan station
+    const stations: StationHandle[] = [];
+
+    for (let i = 0; i < STATION_COUNT; i++) {
+        const runner = await create('/runners', {
+            firstname: `Bench`,
+            lastname: `Runner${i}`,
+            group: org.id,
+        });
+        createdIds.push({ type: 'runners', id: runner.id });
+
+        const card = await create('/cards', { runner: runner.id });
+        createdIds.push({ type: 'cards', id: card.id });
+
+        const station = await create('/stations', {
+            track: track.id,
+            description: `bench-station-${i}`,
+        });
+        createdIds.push({ type: 'stations', id: station.id });
+
+        stations.push({
+            id: station.id,
+            key: station.key,
+            cardCode: card.id,   // the test spec uses card.id directly as the barcode value
+            axiosInstance: axios.create({
+                baseURL: API,
+                validateStatus: () => true,
+                headers: { authorization: `Bearer ${station.key}` },
+            }),
+        });
+    }
+
+    console.log(`done. (${STATION_COUNT} stations, ${STATION_COUNT} runners, ${STATION_COUNT} cards)`);
+
+    const cleanup = async () => {
+        process.stdout.write('Cleaning up test data... ');
+        // Delete in reverse-dependency order
+        for (const item of [...createdIds].reverse()) {
+            await client.delete(`/${item.type}/${item.id}?force=true`);
+        }
+        console.log('done.');
+    };
+
+    return { stations, trackId: track.id, orgId: org.id, cleanup };
+}
+
+// ---------------------------------------------------------------------------
+// Single scan submission (returns latency in ms)
+// ---------------------------------------------------------------------------
+
+async function submitScan(station: StationHandle): Promise<{ latencyMs: number; ok: boolean }> {
+    const start = performance.now();
+    const res = await station.axiosInstance.post('/scans/trackscans', {
+        card: station.cardCode,
+        station: station.id,
+    });
+    const latencyMs = performance.now() - start;
+    const ok = res.status === 200;
+    return { latencyMs, ok };
+}
+
+// ---------------------------------------------------------------------------
+// Statistics
+// ---------------------------------------------------------------------------
+
+function percentiles(latencies: number[]): Percentiles {
+    const sorted = [...latencies].sort((a, b) => a - b);
+    const at = (pct: number) => sorted[Math.floor((pct / 100) * sorted.length)] ?? sorted[sorted.length - 1];
+    const mean = sorted.reduce((s, v) => s + v, 0) / sorted.length;
+    return {
+        p50: Math.round(at(50)),
+        p95: Math.round(at(95)),
+        p99: Math.round(at(99)),
+        max: Math.round(sorted[sorted.length - 1]),
+        min: Math.round(sorted[0]),
+        mean: Math.round(mean),
+    };
+}
+
+// ---------------------------------------------------------------------------
+// Benchmark 1 — Sequential (single station, one scan at a time)
+// ---------------------------------------------------------------------------
+
+async function benchmarkSequential(station: StationHandle): Promise<BenchmarkResult> {
+    const latencies: number[] = [];
+    let errors = 0;
+
+    process.stdout.write(`  Running ${SEQUENTIAL_SCAN_COUNT} sequential scans`);
+    const wallStart = performance.now();
+
+    for (let i = 0; i < SEQUENTIAL_SCAN_COUNT; i++) {
+        const { latencyMs, ok } = await submitScan(station);
+        latencies.push(latencyMs);
+        if (!ok) errors++;
+        if ((i + 1) % 10 === 0) process.stdout.write('.');
+    }
+
+    const totalTimeMs = performance.now() - wallStart;
+    console.log(' done.');
+
+    return {
+        label: 'Sequential (1 station)',
+        totalScans: SEQUENTIAL_SCAN_COUNT,
+        totalTimeMs,
+        scansPerSecond: (SEQUENTIAL_SCAN_COUNT / totalTimeMs) * 1000,
+        latencies: percentiles(latencies),
+        errors,
+    };
+}
+
+// ---------------------------------------------------------------------------
+// Benchmark 2 — Parallel (10 stations, concurrent rounds)
+//
+// Models the real event scenario: every ~3 seconds each station submits one scan.
+// We don't actually sleep between rounds — we fire each round as fast as the
+// previous one completes, which gives us the worst-case sustained throughput
+// (all stations submitting at maximum rate simultaneously).
+// ---------------------------------------------------------------------------
+
+async function benchmarkParallel(stations: StationHandle[]): Promise<BenchmarkResult> {
+    const latencies: number[] = [];
+    let errors = 0;
+
+    process.stdout.write(`  Running ${PARALLEL_ROUNDS} rounds × ${STATION_COUNT} concurrent stations`);
+    const wallStart = performance.now();
+
+    for (let round = 0; round < PARALLEL_ROUNDS; round++) {
+        const results = await Promise.all(stations.map(s => submitScan(s)));
+        for (const { latencyMs, ok } of results) {
+            latencies.push(latencyMs);
+            if (!ok) errors++;
+        }
+        if ((round + 1) % 4 === 0) process.stdout.write('.');
+    }
+
+    const totalTimeMs = performance.now() - wallStart;
+    const totalScans = PARALLEL_ROUNDS * STATION_COUNT;
+    console.log(' done.');
+
+    return {
+        label: `Parallel (${STATION_COUNT} stations concurrent)`,
+        totalScans,
+        totalTimeMs,
+        scansPerSecond: (totalScans / totalTimeMs) * 1000,
+        latencies: percentiles(latencies),
+        errors,
+    };
+}
+
+// ---------------------------------------------------------------------------
+// Output formatting
+// ---------------------------------------------------------------------------
+
+function printResult(result: BenchmarkResult) {
+    const { label, totalScans, totalTimeMs, scansPerSecond, latencies, errors } = result;
+    console.log(`\n  ${label}`);
+    console.log(`  ${'─'.repeat(52)}`);
+    console.log(`  Total scans   : ${totalScans}`);
+    console.log(`  Total time    : ${totalTimeMs.toFixed(0)} ms`);
+    console.log(`  Throughput    : ${scansPerSecond.toFixed(2)} scans/sec`);
+    console.log(`  Latency min   : ${latencies.min} ms`);
+    console.log(`  Latency mean  : ${latencies.mean} ms`);
+    console.log(`  Latency p50   : ${latencies.p50} ms`);
+    console.log(`  Latency p95   : ${latencies.p95} ms`);
+    console.log(`  Latency p99   : ${latencies.p99} ms`);
+    console.log(`  Latency max   : ${latencies.max} ms`);
+    console.log(`  Errors        : ${errors}`);
+}
+
+function printSummary(results: BenchmarkResult[]) {
+    const now = new Date().toISOString();
+    console.log('\n');
+    console.log('═'.repeat(60));
+    console.log(`  SCAN INTAKE BENCHMARK RESULTS — ${now}`);
+    console.log(`  Server: ${BASE}`);
+    console.log('═'.repeat(60));
+    for (const r of results) {
+        printResult(r);
+    }
+    console.log('\n' + '═'.repeat(60));
+    console.log('  Copy the block above to compare across phases.');
+    console.log('═'.repeat(60) + '\n');
+}
+
+// ---------------------------------------------------------------------------
+// Entry point
+// ---------------------------------------------------------------------------
+
+async function main() {
+    console.log(`\nScan Intake Benchmark — target: ${BASE}\n`);
+
+    let adminToken: string;
+    try {
+        adminToken = await adminLogin();
+    } catch (err) {
+        console.error(`Could not authenticate. Is the server running at ${BASE}?\n`, err.message);
+        process.exit(1);
+    }
+
+    const { stations, cleanup } = await provision(adminToken);
+
+    const results: BenchmarkResult[] = [];
+
+    try {
+        console.log('\nBenchmark 1 — Sequential');
+        results.push(await benchmarkSequential(stations[0]));
+
+        // Brief pause between benchmarks so the sequential scans don't skew
+        // the parallel benchmark's first-scan latency (minimumLapTime window)
+        await new Promise(r => setTimeout(r, (TRACK_MINIMUM_LAP_TIME + 1) * 1000));
+
+        console.log('\nBenchmark 2 — Parallel');
+        results.push(await benchmarkParallel(stations));
+    } finally {
+        await cleanup();
+    }
+
+    printSummary(results);
+}
+
+main().catch(err => {
+    console.error('Benchmark failed:', err);
+    process.exit(1);
+});

src/app.ts

@@ -7,7 +7,28 @@ import authchecker from "./middlewares/authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';
 import UserChecker from './middlewares/UserChecker';
 
-const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';
+// Import all controllers directly to avoid Bun + routing-controllers glob/require issues
+import { AuthController } from './controllers/AuthController';
+import { DonationController } from './controllers/DonationController';
+import { DonorController } from './controllers/DonorController';
+import { GroupContactController } from './controllers/GroupContactController';
+import { ImportController } from './controllers/ImportController';
+import { MeController } from './controllers/MeController';
+import { PermissionController } from './controllers/PermissionController';
+import { RunnerCardController } from './controllers/RunnerCardController';
+import { RunnerController } from './controllers/RunnerController';
+import { RunnerOrganizationController } from './controllers/RunnerOrganizationController';
+import { RunnerSelfServiceController } from './controllers/RunnerSelfServiceController';
+import { RunnerTeamController } from './controllers/RunnerTeamController';
+import { ScanController } from './controllers/ScanController';
+import { ScanStationController } from './controllers/ScanStationController';
+import { StatsClientController } from './controllers/StatsClientController';
+import { StatsController } from './controllers/StatsController';
+import { StatusController } from './controllers/StatusController';
+import { TrackController } from './controllers/TrackController';
+import { UserController } from './controllers/UserController';
+import { UserGroupController } from './controllers/UserGroupController';
+
 const app = createExpressServer({
   authorizationChecker: authchecker,
   currentUserChecker: UserChecker,
@@ -15,7 +36,28 @@ const app = createExpressServer({
   development: config.development,
   cors: true,
   routePrefix: "/api",
-  controllers: [`${__dirname}/controllers/*.${CONTROLLERS_FILE_EXTENSION}`],
+  controllers: [
+    AuthController,
+    DonationController,
+    DonorController,
+    GroupContactController,
+    ImportController,
+    MeController,
+    PermissionController,
+    RunnerCardController,
+    RunnerController,
+    RunnerOrganizationController,
+    RunnerSelfServiceController,
+    RunnerTeamController,
+    ScanController,
+    ScanStationController,
+    StatsClientController,
+    StatsController,
+    StatusController,
+    TrackController,
+    UserController,
+    UserGroupController,
+  ],
 });
 
 async function main() {

src/config.ts

@@ -1,50 +1,59 @@
-import { config as configDotenv } from 'dotenv';
-import { CountryCode } from 'libphonenumber-js';
-import ValidatorJS from 'validator';
-
-configDotenv();
-export const config = {
-    internal_port: parseInt(process.env.APP_PORT) || 4010,
-    development: process.env.NODE_ENV === "production",
-    testing: process.env.NODE_ENV === "test",
-    jwt_secret: process.env.JWT_SECRET || "secretjwtsecret",
-    phone_validation_countrycode: getPhoneCodeLocale(),
-    postalcode_validation_countrycode: getPostalCodeLocale(),
-    version: process.env.VERSION || require('../package.json').version,
-    seedTestData: getDataSeeding(),
-    app_url: process.env.APP_URL || "http://localhost:8080",
-    privacy_url: process.env.PRIVACY_URL || "/privacy",
-    imprint_url: process.env.IMPRINT_URL || "/imprint",
-    mailer_url: process.env.MAILER_URL || "",
-    mailer_key: process.env.MAILER_KEY || ""
-}
-let errors = 0
-if (typeof config.internal_port !== "number") {
-    errors++
-}
-if (typeof config.development !== "boolean") {
-    errors++
-}
-if (config.mailer_url == "" || config.mailer_key == "") {
-    errors++;
-}
-function getPhoneCodeLocale(): CountryCode {
-    return (process.env.PHONE_COUNTRYCODE as CountryCode);
-}
-function getPostalCodeLocale(): any {
-    try {
-        const stringArray: String[] = ValidatorJS.isPostalCodeLocales;
-        let index = stringArray.indexOf(process.env.POSTALCODE_COUNTRYCODE);
-        return ValidatorJS.isPostalCodeLocales[index];
-    } catch (error) {
-        return null;
-    }
-}
-function getDataSeeding(): Boolean {
-    try {
-        return JSON.parse(process.env.SEED_TEST_DATA);
-    } catch (error) {
-        return false;
-    }
-}
+import consola from 'consola';
+import { CountryCode } from 'libphonenumber-js';
+import ValidatorJS from 'validator';
+
+export const config = {
+    internal_port: parseInt(process.env.APP_PORT) || 4010,
+    development: process.env.NODE_ENV === "production",
+    testing: process.env.NODE_ENV === "test",
+    jwt_secret: process.env.JWT_SECRET || "secretjwtsecret",
+    station_token_secret: process.env.STATION_TOKEN_SECRET || "",
+    nats_url: process.env.NATS_URL || "nats://localhost:4222",
+    nats_prewarm: process.env.NATS_PREWARM === "true",
+    phone_validation_countrycode: getPhoneCodeLocale(),
+    postalcode_validation_countrycode: getPostalCodeLocale(),
+    version: process.env.VERSION || require('../package.json').version,
+    seedTestData: getDataSeeding(),
+    app_url: process.env.APP_URL || "http://localhost:8080",
+    privacy_url: process.env.PRIVACY_URL || "/privacy",
+    imprint_url: process.env.IMPRINT_URL || "/imprint",
+    mailer_url: process.env.MAILER_URL || "",
+    mailer_key: process.env.MAILER_KEY || ""
+}
+let errors = 0
+if (typeof config.internal_port !== "number") {
+    consola.error("Error: APP_PORT is not a number")
+    errors++
+}
+if (typeof config.development !== "boolean") {
+    consola.error("Error: NODE_ENV is not a boolean")
+    errors++
+}
+if (config.mailer_url == "" || config.mailer_key == "") {
+    consola.error("Error: invalid mailer config")
+    errors++;
+}
+if (config.station_token_secret.length < 32) {
+    consola.error("Error: STATION_TOKEN_SECRET must be set and at least 32 characters long")
+    errors++;
+}
+function getPhoneCodeLocale(): CountryCode {
+    return (process.env.PHONE_COUNTRYCODE as CountryCode);
+}
+function getPostalCodeLocale(): any {
+    try {
+        const stringArray: String[] = ValidatorJS.isPostalCodeLocales;
+        let index = stringArray.indexOf(process.env.POSTALCODE_COUNTRYCODE);
+        return ValidatorJS.isPostalCodeLocales[index];
+    } catch (error) {
+        return null;
+    }
+}
+function getDataSeeding(): Boolean {
+    try {
+        return JSON.parse(process.env.SEED_TEST_DATA);
+    } catch (error) {
+        return false;
+    }
+}
 export let e = errors

src/controllers/DonationController.ts

@@ -1,9 +1,10 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { DonationIdsNotMatchingError, DonationNotFoundError } from '../errors/DonationErrors';
 import { DonorNotFoundError } from '../errors/DonorErrors';
 import { RunnerNotFoundError } from '../errors/RunnerErrors';
+import { CreateAnonymousDonation } from '../models/actions/create/CreateAnonymousDonation';
 import { CreateDistanceDonation } from '../models/actions/create/CreateDistanceDonation';
 import { CreateFixedDonation } from '../models/actions/create/CreateFixedDonation';
 import { UpdateDistanceDonation } from '../models/actions/update/UpdateDistanceDonation';
@@ -11,6 +12,7 @@ import { UpdateFixedDonation } from '../models/actions/update/UpdateFixedDonatio
 import { DistanceDonation } from '../models/entities/DistanceDonation';
 import { Donation } from '../models/entities/Donation';
 import { FixedDonation } from '../models/entities/FixedDonation';
+import { ResponseAnonymousDonation } from '../models/responses/ResponseAnonymousDonation';
 import { ResponseDistanceDonation } from '../models/responses/ResponseDistanceDonation';
 import { ResponseDonation } from '../models/responses/ResponseDonation';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
@@ -35,10 +37,18 @@ export class DonationController {
 	@Authorized("DONATION:GET")
 	@ResponseSchema(ResponseDonation, { isArray: true })
 	@ResponseSchema(ResponseDistanceDonation, { isArray: true })
+	@ResponseSchema(ResponseAnonymousDonation, { isArray: true })
 	@OpenAPI({ description: 'Lists all donations (fixed or distance based) from all donors. <br> This includes the donations\'s runner\'s distance ran(if distance donation).' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseDonations: ResponseDonation[] = new Array<ResponseDonation>();
-		const donations = await this.donationRepository.find({ relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] });
+		let donations: Array<Donation>;
+
+		if (page != undefined) {
+			donations = await this.donationRepository.find({ relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'], skip: page * page_size, take: page_size });
+		} else {
+			donations = await this.donationRepository.find({ relations: ['runner', 'donor', 'runner.scans', 'runner.scans.track'] });
+		}
+
 		donations.forEach(donation => {
 			responseDonations.push(donation.toResponse());
 		});
@@ -49,6 +59,7 @@ export class DonationController {
 	@Authorized("DONATION:GET")
 	@ResponseSchema(ResponseDonation)
 	@ResponseSchema(ResponseDistanceDonation)
+	@ResponseSchema(ResponseAnonymousDonation)
 	@ResponseSchema(DonationNotFoundError, { statusCode: 404 })
 	@OnUndefined(DonationNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the donation whose id got provided. This includes the donation\'s runner\'s distance ran (if distance donation).' })
@@ -69,6 +80,17 @@ export class DonationController {
 		return (await this.donationRepository.findOne({ id: donation.id }, { relations: ['donor'] })).toResponse();
 	}
 
+	@Post('/anonymous')
+	@Authorized("DONATION:CREATE")
+	@ResponseSchema(ResponseDonation)
+	@ResponseSchema(DonorNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a anonymous donation' })
+	async postAnonymous(@Body({ validate: true }) createDonation: CreateAnonymousDonation) {
+		let donation = await createDonation.toEntity();
+		donation = await this.fixedDonationRepository.save(donation);
+		return (await this.donationRepository.findOne({ id: donation.id })).toResponse();
+	}
+
 	@Post('/distance')
 	@Authorized("DONATION:CREATE")
 	@ResponseSchema(ResponseDistanceDonation)

src/controllers/DonorController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { DonorHasDonationsError, DonorIdsNotMatchingError, DonorNotFoundError } from '../errors/DonorErrors';
 import { CreateDonor } from '../models/actions/create/CreateDonor';
 import { UpdateDonor } from '../models/actions/update/UpdateDonor';
@@ -25,9 +25,16 @@ export class DonorController {
 	@Authorized("DONOR:GET")
 	@ResponseSchema(ResponseDonor, { isArray: true })
 	@OpenAPI({ description: 'Lists all donor. <br> This includes the donor\'s current donation amount.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseDonors: ResponseDonor[] = new Array<ResponseDonor>();
-		const donors = await this.donorRepository.find({ relations: ['donations', 'donations.runner', 'donations.runner.scans', 'donations.runner.scans.track'] });
+		let donors: Array<Donor>;
+
+		if (page != undefined) {
+			donors = await this.donorRepository.find({ relations: ['donations', 'donations.runner', 'donations.runner.scans', 'donations.runner.scans.track'], skip: page * page_size, take: page_size });
+		} else {
+			donors = await this.donorRepository.find({ relations: ['donations', 'donations.runner', 'donations.runner.scans', 'donations.runner.scans.track'] });
+		}
+
 		donors.forEach(donor => {
 			responseDonors.push(new ResponseDonor(donor));
 		});

src/controllers/GroupContactController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnection, getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnection, getConnectionManager } from 'typeorm';
 import { GroupContactIdsNotMatchingError, GroupContactNotFoundError } from '../errors/GroupContactErrors';
 import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
 import { CreateGroupContact } from '../models/actions/create/CreateGroupContact';
@@ -26,9 +26,16 @@ export class GroupContactController {
 	@Authorized("CONTACT:GET")
 	@ResponseSchema(ResponseGroupContact, { isArray: true })
 	@OpenAPI({ description: 'Lists all contacts. <br> This includes the contact\'s associated groups.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseContacts: ResponseGroupContact[] = new Array<ResponseGroupContact>();
-		const contacts = await this.contactRepository.find({ relations: ['groups', 'groups.parentGroup'] });
+		let contacts: Array<GroupContact>;
+
+		if (page != undefined) {
+			contacts = await this.contactRepository.find({ relations: ['groups', 'groups.parentGroup'], skip: page * page_size, take: page_size });
+		} else {
+			contacts = await this.contactRepository.find({ relations: ['groups', 'groups.parentGroup'] });
+		}
+
 		contacts.forEach(contact => {
 			responseContacts.push(contact.toResponse());
 		});

src/controllers/MeController.ts

@@ -1,7 +1,7 @@
 import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
 import { User } from '../models/entities/User';
 import { ResponseUser } from '../models/responses/ResponseUser';
@@ -48,6 +48,10 @@ export class MeController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
 	async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });

src/controllers/PermissionController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { PermissionIdsNotMatchingError, PermissionNeedsPrincipalError, PermissionNotFoundError } from '../errors/PermissionErrors';
 import { PrincipalNotFoundError } from '../errors/PrincipalErrors';
 import { CreatePermission } from '../models/actions/create/CreatePermission';
@@ -27,9 +27,16 @@ export class PermissionController {
     @Authorized("PERMISSION:GET")
     @ResponseSchema(ResponsePermission, { isArray: true })
     @OpenAPI({ description: 'Lists all permissions for all users and groups.' })
-    async getAll() {
+    async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
         let responsePermissions: ResponsePermission[] = new Array<ResponsePermission>();
-        const permissions = await this.permissionRepository.find({ relations: ['principal'] });
+        let permissions: Array<Permission>;
+
+        if (page != undefined) {
+            permissions = await this.permissionRepository.find({ relations: ['principal'], skip: page * page_size, take: page_size });
+        } else {
+            permissions = await this.permissionRepository.find({ relations: ['principal'] });
+        }
+
         permissions.forEach(permission => {
             responsePermissions.push(new ResponsePermission(permission));
         });

src/controllers/RunnerCardController.ts

@@ -1,121 +1,164 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { Repository, getConnectionManager } from 'typeorm';
 import { RunnerCardHasScansError, RunnerCardIdsNotMatchingError, RunnerCardNotFoundError } from '../errors/RunnerCardErrors';
 import { RunnerNotFoundError } from '../errors/RunnerErrors';
-import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
-import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
-import { RunnerCard } from '../models/entities/RunnerCard';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
-import { ScanController } from './ScanController';
-
-@JsonController('/cards')
-@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
-export class RunnerCardController {
-	private cardRepository: Repository<RunnerCard>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
-	}
-
-	@Get()
-	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard, { isArray: true })
-	@OpenAPI({ description: 'Lists all card.' })
-	async getAll() {
-		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
-		const cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
-		cards.forEach(card => {
-			responseCards.push(new ResponseRunnerCard(card));
-		});
-		return responseCards;
-	}
-
-	@Get('/:id')
-	@Authorized("CARD:GET")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerCardNotFoundError)
-	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
-	async getOne(@Param('id') id: number) {
-		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
-		if (!card) { throw new RunnerCardNotFoundError(); }
-		return card.toResponse();
-	}
-
-	@Post('/bulk')
-	@Authorized("CARD:CREATE")
-	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
-	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response." })
-	async postBlancoBulk(@QueryParam("count") count: number) {
-		let createPromises = new Array<any>();
-		for (let index = 0; index < count; index++) {
-			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
-		}
-		await Promise.all(createPromises);
-		let response = new ResponseEmpty();
-		response.response = `Created ${count} new blanco cards.`
-		return response;
-	}
-
-	@Post()
-	@Authorized("CARD:CREATE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
-	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
-		let card = await createCard.toEntity();
-		card = await this.cardRepository.save(card);
-		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
-	}
-
-	@Put('/:id')
-	@Authorized("CARD:UPDATE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
-	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
-		let oldCard = await this.cardRepository.findOne({ id: id });
-
-		if (!oldCard) {
-			throw new RunnerCardNotFoundError();
-		}
-
-		if (oldCard.id != card.id) {
-			throw new RunnerCardIdsNotMatchingError();
-		}
-
+import { deleteCardEntry } from '../nats/CardKV';
+import { CreateRunnerCard } from '../models/actions/create/CreateRunnerCard';
+import { UpdateRunnerCard } from '../models/actions/update/UpdateRunnerCard';
+import { UpdateRunnerCardByCode } from '../models/actions/update/UpdateRunnerCardByCode';
+import { RunnerCard } from '../models/entities/RunnerCard';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunnerCard } from '../models/responses/ResponseRunnerCard';
+import { ScanController } from './ScanController';
+
+@JsonController('/cards')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class RunnerCardController {
+	private cardRepository: Repository<RunnerCard>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.cardRepository = getConnectionManager().get().getRepository(RunnerCard);
+	}
+
+	@Get()
+	@Authorized("CARD:GET")
+	@ResponseSchema(ResponseRunnerCard, { isArray: true })
+	@OpenAPI({ description: 'Lists all card.' })
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
+		let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+		let cards: Array<RunnerCard>;
+
+		if (page != undefined) {
+			cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'], skip: page * page_size, take: page_size });
+		} else {
+			cards = await this.cardRepository.find({ relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
+		}
+
+		cards.forEach(card => {
+			responseCards.push(new ResponseRunnerCard(card));
+		});
+		return responseCards;
+	}
+
+	@Get('/:id')
+	@Authorized("CARD:GET")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerCardNotFoundError)
+	@OpenAPI({ description: "Lists all information about the card whose id got provided." })
+	async getOne(@Param('id') id: number) {
+		let card = await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] });
+		if (!card) { throw new RunnerCardNotFoundError(); }
+		return card.toResponse();
+	}
+
+	@Post('/bulk')
+	@Authorized("CARD:CREATE")
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@OpenAPI({ description: "Create blank cards in bulk. <br> Just provide the count as a query param and wait for the 200 response. <br> You can provide the 'returnCards' query param if you want to receive the RESPONSERUNNERCARD objects in the response." })
+	async postBlancoBulk(@QueryParam("count") count: number, @QueryParam("returnCards") returnCards: boolean = false) {
+		let createPromises = new Array<any>();
+		for (let index = 0; index < count; index++) {
+			createPromises.push(this.cardRepository.save({ runner: null, enabled: true }))
+		}
+
+		const cards = await Promise.all(createPromises);
+
+		if (returnCards) {
+			let responseCards: ResponseRunnerCard[] = new Array<ResponseRunnerCard>();
+			for await (let card of cards) {
+				let dbCard = await this.cardRepository.findOne({ id: card.id });
+				responseCards.push(new ResponseRunnerCard(dbCard));
+			}
+			return responseCards;
+		}
+		let response = new ResponseEmpty();
+		response.response = `Created ${count} new blanco cards.`
+		return response;
+	}
+
+	@Post()
+	@Authorized("CARD:CREATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: "Create a new card. <br> You can provide a associated runner by id but you don't have to." })
+	async post(@Body({ validate: true }) createCard: CreateRunnerCard) {
+		let card = await createCard.toEntity();
+		card = await this.cardRepository.save(card);
+		return (await this.cardRepository.findOne({ id: card.id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
+	}
+
+	@Put('/:id')
+	@Authorized("CARD:UPDATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the card whose id you provided. <br> Scans created via this card will still be associated with the old runner. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) card: UpdateRunnerCard) {
+		let oldCard = await this.cardRepository.findOne({ id: id });
+
+		if (!oldCard) {
+			throw new RunnerCardNotFoundError();
+		}
+
+		if (oldCard.id != card.id) {
+			throw new RunnerCardIdsNotMatchingError();
+		}
+
 		await this.cardRepository.save(await card.update(oldCard));
+		await deleteCardEntry(id);
 		return (await this.cardRepository.findOne({ id: id }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
-	}
-
-	@Delete('/:id')
-	@Authorized("CARD:DELETE")
-	@ResponseSchema(ResponseRunnerCard)
-	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
-	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
-	@OnUndefined(204)
-	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
-	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		let card = await this.cardRepository.findOne({ id: id });
-		if (!card) { return null; }
-
-		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
-		if (cardScans.length != 0 && !force) {
-			throw new RunnerCardHasScansError();
-		}
-		const scanController = new ScanController;
+	}
+
+	@Put('/:code')
+	@Authorized("CARD:UPDATE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(RunnerCardNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@ResponseSchema(RunnerCardIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the card whose code you provided." })
+	async putByCode(@Param('code') code: string, @Body({ validate: true }) card: UpdateRunnerCardByCode) {
+		let oldCard = await this.cardRepository.findOne({ code: code });
+
+		if (!oldCard) {
+			throw new RunnerCardNotFoundError();
+		}
+
+		if (oldCard.code != card.code) {
+			throw new RunnerCardIdsNotMatchingError();
+		}
+
+		await this.cardRepository.save(await card.update(oldCard));
+		return (await this.cardRepository.findOne({ code: code }, { relations: ['runner', 'runner.group', 'runner.group.parentGroup'] })).toResponse();
+	}
+
+	@Delete('/:id')
+	@Authorized("CARD:DELETE")
+	@ResponseSchema(ResponseRunnerCard)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@ResponseSchema(RunnerCardHasScansError, { statusCode: 406 })
+	@OnUndefined(204)
+	@OpenAPI({ description: "Delete the card whose id you provided. <br> If no card with this id exists it will just return 204(no content). <br> If the card still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with by this card - please disable it instead or just remove the runner association)." })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let card = await this.cardRepository.findOne({ id: id });
+		if (!card) { return null; }
+
+		const cardScans = (await this.cardRepository.findOne({ id: id }, { relations: ["scans"] })).scans;
+		if (cardScans.length != 0 && !force) {
+			throw new RunnerCardHasScansError();
+		}
+		const scanController = new ScanController;
 		for (let scan of cardScans) {
 			await scanController.remove(scan.id, force);
 		}
 
+		await deleteCardEntry(id);
 		await this.cardRepository.delete(card);
 		return card.toResponse();
-	}
+	}
 }

src/controllers/RunnerController.ts

@@ -1,18 +1,19 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { RunnerGroupNeededError, RunnerHasDistanceDonationsError, RunnerIdsNotMatchingError, RunnerNotFoundError } from '../errors/RunnerErrors';
-import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
-import { CreateRunner } from '../models/actions/create/CreateRunner';
-import { UpdateRunner } from '../models/actions/update/UpdateRunner';
-import { Runner } from '../models/entities/Runner';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseRunner } from '../models/responses/ResponseRunner';
-import { ResponseScan } from '../models/responses/ResponseScan';
-import { ResponseTrackScan } from '../models/responses/ResponseTrackScan';
-import { DonationController } from './DonationController';
-import { RunnerCardController } from './RunnerCardController';
-import { ScanController } from './ScanController';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { Repository, getConnectionManager } from 'typeorm';
+import { RunnerGroupNeededError, RunnerHasDistanceDonationsError, RunnerIdsNotMatchingError, RunnerNotFoundError } from '../errors/RunnerErrors';
+import { RunnerGroupNotFoundError } from '../errors/RunnerGroupErrors';
+import { deleteRunnerEntry } from '../nats/RunnerKV';
+import { CreateRunner } from '../models/actions/create/CreateRunner';
+import { UpdateRunner } from '../models/actions/update/UpdateRunner';
+import { Runner } from '../models/entities/Runner';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseRunner } from '../models/responses/ResponseRunner';
+import { ResponseScan } from '../models/responses/ResponseScan';
+import { ResponseTrackScan } from '../models/responses/ResponseTrackScan';
+import { DonationController } from './DonationController';
+import { RunnerCardController } from './RunnerCardController';
+import { ScanController } from './ScanController';
 
 @JsonController('/runners')
 @OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
@@ -30,11 +31,25 @@ export class RunnerController {
 	@Authorized("RUNNER:GET")
 	@ResponseSchema(ResponseRunner, { isArray: true })
 	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100, @QueryParam("created_via", { required: false }) created_via: string = "all", @QueryParam("selfservice_links", { required: false }) selfservice_links: boolean = false) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });
+		let runners: Array<Runner>;
+
+		console.log("call to RunnerController.getAll() with page: " + page + " and page_size: " + page_size + " and created_via: " + created_via + " and selfservice_links: " + selfservice_links);
+		if (page != undefined) {
+			runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track'], skip: page * page_size, take: page_size });
+		} else {
+			runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track'] });
+		}
+
 		runners.forEach(runner => {
-			responseRunners.push(new ResponseRunner(runner));
+			if (created_via === "all") {
+				responseRunners.push(new ResponseRunner(runner, selfservice_links));
+			} else {
+				if (runner.created_via === created_via) {
+					responseRunners.push(new ResponseRunner(runner, selfservice_links));
+				}
+			}
 		});
 		return responseRunners;
 	}
@@ -46,9 +61,9 @@ export class RunnerController {
 	@OnUndefined(RunnerNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] })
+		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations'] })
 		if (!runner) { throw new RunnerNotFoundError(); }
-		return new ResponseRunner(runner);
+		return new ResponseRunner(runner, true);
 	}
 
 	@Get('/:id/scans')
@@ -91,7 +106,7 @@ export class RunnerController {
 		}
 
 		runner = await this.runnerRepository.save(runner)
-		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }), true);
 	}
 
 	@Put('/:id')
@@ -111,8 +126,9 @@ export class RunnerController {
 			throw new RunnerIdsNotMatchingError();
 		}
 
-		await this.runnerRepository.save(await runner.update(oldRunner));
-		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
+		await this.runnerRepository.save(await runner.update(oldRunner));
+		await deleteRunnerEntry(id);
+		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }), true);
 	}
 
 	@Delete('/:id')
@@ -125,7 +141,7 @@ export class RunnerController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let runner = await this.runnerRepository.findOne({ id: id });
 		if (!runner) { return null; }
-		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });
+		const responseRunner = await this.runnerRepository.findOne(runner);
 
 		if (!runner) {
 			throw new RunnerNotFoundError();

src/controllers/RunnerOrganizationController.ts

@@ -1,6 +1,6 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, BadRequestError, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { RunnerOrganizationHasRunnersError, RunnerOrganizationHasTeamsError, RunnerOrganizationIdsNotMatchingError, RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
 import { CreateRunnerOrganization } from '../models/actions/create/CreateRunnerOrganization';
 import { UpdateRunnerOrganization } from '../models/actions/update/UpdateRunnerOrganization';
@@ -29,13 +29,20 @@ export class RunnerOrganizationController {
 	@Authorized("ORGANIZATION:GET")
 	@ResponseSchema(ResponseRunnerOrganization, { isArray: true })
 	@OpenAPI({ description: 'Lists all organizations. <br> This includes their address, contact and teams (if existing/associated).' })
-	async getAll() {
-		let responseTeams: ResponseRunnerOrganization[] = new Array<ResponseRunnerOrganization>();
-		const runners = await this.runnerOrganizationRepository.find({ relations: ['contact', 'teams'] });
-		runners.forEach(runner => {
-			responseTeams.push(new ResponseRunnerOrganization(runner));
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
+		let responseOrgs: ResponseRunnerOrganization[] = new Array<ResponseRunnerOrganization>();
+		let orgs: Array<RunnerOrganization>;
+
+		if (page != undefined) {
+			orgs = await this.runnerOrganizationRepository.find({ relations: ['contact', 'teams'], skip: page * page_size, take: page_size });
+		} else {
+			orgs = await this.runnerOrganizationRepository.find({ relations: ['contact', 'teams'] });
+		}
+
+		orgs.forEach(org => {
+			responseOrgs.push(new ResponseRunnerOrganization(org));
 		});
-		return responseTeams;
+		return responseOrgs;
 	}
 
 	@Get('/:id')
@@ -45,7 +52,7 @@ export class RunnerOrganizationController {
 	@OnUndefined(RunnerOrganizationNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the organization whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runnerOrg = await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['contact', 'teams'] });
+		let runnerOrg = await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['contact', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.scans.track', 'runners', 'runners.scans', 'runners.scans.track'] });
 		if (!runnerOrg) { throw new RunnerOrganizationNotFoundError(); }
 		return new ResponseRunnerOrganization(runnerOrg);
 	}
@@ -55,13 +62,13 @@ export class RunnerOrganizationController {
 	@ResponseSchema(ResponseRunner, { isArray: true })
 	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
 	@OpenAPI({ description: 'Lists all runners from this org and it\'s teams (if you don\'t provide the ?onlyDirect=true param). <br> This includes the runner\'s group and distance ran.' })
-	async getRunners(@Param('id') id: number, @QueryParam('onlyDirect') onlyDirect: boolean) {
+	async getRunners(@Param('id') id: number, @QueryParam('onlyDirect') onlyDirect: boolean, @QueryParam("selfservice_links", { required: false }) selfservice_links: boolean = false) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
 		let runners: Runner[];
 		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.group.parentGroup', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
 		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners; }
 		runners.forEach(runner => {
-			responseRunners.push(new ResponseRunner(runner));
+			responseRunners.push(new ResponseRunner(runner, selfservice_links));
 		});
 		return responseRunners;
 	}
@@ -114,6 +121,10 @@ export class RunnerOrganizationController {
 	@OnUndefined(204)
 	@OpenAPI({ description: 'Delete the organsisation whose id you provided. <br> If the organization still has runners and/or teams associated this will fail. <br> To delete the organization with all associated runners and teams set the force QueryParam to true (cascading deletion might take a while). <br> This won\'t delete the associated contact. <br> If no organization with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		if (id == 1) {
+			throw new BadRequestError("You can't delete the citizen runner org.");
+		}
+
 		let organization = await this.runnerOrganizationRepository.findOne({ id: id });
 		if (!organization) { return null; }
 		let runnerOrganization = await this.runnerOrganizationRepository.findOne(organization, { relations: ['contact', 'runners', 'teams'] });

src/controllers/RunnerSelfServiceController.ts

@@ -1,228 +1,244 @@
-import { Request } from "express";
-import * as jwt from "jsonwebtoken";
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { config } from '../config';
-import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
-import { MailSendingError } from '../errors/MailErrors';
-import { RunnerEmailNeededError, RunnerHasDistanceDonationsError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
-import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
-import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
-import { JwtCreator } from '../jwtcreator';
-import { Mailer } from '../mailer';
-import ScanAuth from '../middlewares/ScanAuth';
-import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
-import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
-import { Runner } from '../models/entities/Runner';
-import { RunnerGroup } from '../models/entities/RunnerGroup';
-import { RunnerOrganization } from '../models/entities/RunnerOrganization';
-import { ScanStation } from '../models/entities/ScanStation';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { ResponseScanStation } from '../models/responses/ResponseScanStation';
-import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
-import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
-import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
-import { DonationController } from './DonationController';
-import { RunnerCardController } from './RunnerCardController';
-import { ScanController } from './ScanController';
-
-@JsonController()
-export class RunnerSelfServiceController {
-	private runnerRepository: Repository<Runner>;
-	private orgRepository: Repository<RunnerOrganization>;
-	private stationRepository: Repository<ScanStation>;
-
-	/**
-	 * Gets the repository of this controller's model/entity.
-	 */
-	constructor() {
-		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
-		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
-		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
-	}
-
-	@Get('/runners/me/:jwt')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
-	async get(@Param('jwt') token: string) {
-		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
-	}
-
-	@Delete('/runners/me/:jwt')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Deletes all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
-	async remove(@Param('jwt') token: string, @QueryParam("force") force: boolean) {
-		const responseRunner = await this.getRunner(token);
-		let runner = await this.runnerRepository.findOne({ id: responseRunner.id });
-
-		if (!runner) { return null; }
-		if (!runner) {
-			throw new RunnerNotFoundError();
-		}
-
-		const runnerDonations = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["distanceDonations"] })).distanceDonations;
-		if (runnerDonations.length > 0 && !force) {
-			throw new RunnerHasDistanceDonationsError();
-		}
-		const donationController = new DonationController();
-		for (let donation of runnerDonations) {
-			await donationController.remove(donation.id, force);
-		}
-
-		const runnerCards = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["cards"] })).cards;
-		const cardController = new RunnerCardController;
-		for (let card of runnerCards) {
-			await cardController.remove(card.id, force);
-		}
-
-		const runnerScans = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["scans"] })).scans;
-		const scanController = new ScanController;
-		for (let scan of runnerScans) {
-			await scanController.remove(scan.id, force);
-		}
-
-		await this.runnerRepository.delete(runner);
-		return new ResponseSelfServiceRunner(responseRunner);
-	}
-
-	@Get('/runners/me/:jwt/scans')
-	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
-	async getScans(@Param('jwt') token: string) {
-		const scans = (await this.getRunner(token)).scans;
-		let responseScans = new Array<ResponseSelfServiceScan>()
-		for (let scan of scans) {
-			responseScans.push(new ResponseSelfServiceScan(scan));
-		}
-		return responseScans;
-	}
-
-	@Get('/stations/me')
-	@UseBefore(ScanAuth)
-	@ResponseSchema(ResponseScanStation)
-	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
-	@OnUndefined(ScanStationNotFoundError)
-	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
-	async getStationMe(@Req() req: Request) {
-		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
-		if (!scan) { throw new ScanStationNotFoundError(); }
-		return scan.toResponse();
-	}
-
-	@Post('/runners/forgot')
-	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
-	@OnUndefined(ResponseEmpty)
-	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice token/link to be sent to your mail address (rate limited to one mail every 24hrs).' })
-	async requestNewToken(@QueryParam('mail') mail: string) {
-		if (!mail) {
-			throw new RunnerNotFoundError();
-		}
-		const runner = await this.runnerRepository.findOne({ email: mail });
-		if (!runner) { throw new RunnerNotFoundError(); }
-
-		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 60 * 60 * 24)) { throw new RunnerSelfserviceTimeoutError(); }
-		const token = JwtCreator.createSelfService(runner);
-
-		try {
-			await Mailer.sendSelfserviceForgottenMail(runner.email, token, "en")
-		} catch (error) {
-			throw new MailSendingError();
-		}
-
-		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
-		await this.runnerRepository.save(runner);
-
-		return { token };
-	}
-
-	@Post('/runners/register')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
-	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
-	async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner) {
-		let runner = await createRunner.toEntity();
-
-		runner = await this.runnerRepository.save(runner);
-		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
-		response.token = JwtCreator.createSelfService(runner);
-
-		try {
-			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
-		} catch (error) {
-			throw new MailSendingError();
-		}
-
-		return response;
-	}
-
-	@Post('/runners/register/:token')
-	@ResponseSchema(ResponseSelfServiceRunner)
-	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
-	async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner) {
-		const org = await this.getOrgansisation(token);
-
-		let runner = await createRunner.toEntity(org);
-		runner = await this.runnerRepository.save(runner);
-
-		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
-		response.token = JwtCreator.createSelfService(runner);
-
-		try {
-			await Mailer.sendSelfserviceWelcomeMail(runner.email, response.token, "en")
-		} catch (error) {
-			throw new MailSendingError();
-		}
-
-		return response;
-	}
-
-	@Get('/organizations/selfservice/:token')
-	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
-	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
-	async getSelfserviceOrg(@Param('token') token: string) {
-		const orgid = (await this.getOrgansisation(token)).id;
-		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
-
-		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
-	}
-
-	/**
-	 * Get's a runner by a provided jwt token.
-	 * @param token The runner jwt provided by the runner to identitfy themselves.
-	 */
-	private async getRunner(token: string): Promise<Runner> {
-		if (token == "") { throw new JwtNotProvidedError(); }
-		let jwtPayload = undefined
-		try {
-			jwtPayload = <any>jwt.verify(token, config.jwt_secret);
-		} catch (error) {
-			throw new InvalidCredentialsError();
-		}
-
-		const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
-		if (!runner) { throw new RunnerNotFoundError() }
-		return runner;
-	}
-
-	/**
-	 * Get's a runner org by a provided registration api key.
-	 * @param token The organization's registration api token.
-	 */
-	private async getOrgansisation(token: string): Promise<RunnerGroup> {
-		token = Buffer.from(token, 'base64').toString('utf8');
-
-		const organization = await this.orgRepository.findOne({ key: token });
-		if (!organization) { throw new RunnerOrganizationNotFoundError; }
-
-		return organization;
-	}
+import type { Request } from "express";
+import * as jwt from "jsonwebtoken";
+import { BadRequestError, Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam, Req, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { config } from '../config';
+import { InvalidCredentialsError, JwtNotProvidedError } from '../errors/AuthError';
+import { MailSendingError } from '../errors/MailErrors';
+import { RunnerEmailNeededError, RunnerHasDistanceDonationsError, RunnerNotFoundError, RunnerSelfserviceTimeoutError } from '../errors/RunnerErrors';
+import { RunnerOrganizationNotFoundError } from '../errors/RunnerOrganizationErrors';
+import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
+import { JwtCreator } from '../jwtcreator';
+import { Mailer } from '../mailer';
+import ScanAuth from '../middlewares/ScanAuth';
+import { CreateSelfServiceCitizenRunner } from '../models/actions/create/CreateSelfServiceCitizenRunner';
+import { CreateSelfServiceRunner } from '../models/actions/create/CreateSelfServiceRunner';
+import { Runner } from '../models/entities/Runner';
+import { RunnerGroup } from '../models/entities/RunnerGroup';
+import { RunnerOrganization } from '../models/entities/RunnerOrganization';
+import { ScanStation } from '../models/entities/ScanStation';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseScanStation } from '../models/responses/ResponseScanStation';
+import { ResponseSelfServiceOrganisation } from '../models/responses/ResponseSelfServiceOrganisation';
+import { ResponseSelfServiceRunner } from '../models/responses/ResponseSelfServiceRunner';
+import { ResponseSelfServiceScan } from '../models/responses/ResponseSelfServiceScan';
+import { DonationController } from './DonationController';
+import { RunnerCardController } from './RunnerCardController';
+import { ScanController } from './ScanController';
+
+@JsonController()
+export class RunnerSelfServiceController {
+	private runnerRepository: Repository<Runner>;
+	private orgRepository: Repository<RunnerOrganization>;
+	private stationRepository: Repository<ScanStation>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.runnerRepository = getConnectionManager().get().getRepository(Runner);
+		this.orgRepository = getConnectionManager().get().getRepository(RunnerOrganization);
+		this.stationRepository = getConnectionManager().get().getRepository(ScanStation);
+	}
+
+	@Get('/runners/me/:jwt')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Lists all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
+	async get(@Param('jwt') token: string) {
+		return (new ResponseSelfServiceRunner(await this.getRunner(token)));
+	}
+
+	@Delete('/runners/me/:jwt')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Deletes all information about yourself. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please use the forgot endpoint.' })
+	async remove(@Param('jwt') token: string, @QueryParam("force") force: boolean) {
+		const responseRunner = await this.getRunner(token);
+		let runner = await this.runnerRepository.findOne({ id: responseRunner.id });
+
+		if (!runner) { return null; }
+		if (!runner) {
+			throw new RunnerNotFoundError();
+		}
+
+		const runnerDonations = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["distanceDonations"] })).distanceDonations;
+		if (runnerDonations.length > 0 && !force) {
+			throw new RunnerHasDistanceDonationsError();
+		}
+		const donationController = new DonationController();
+		for (let donation of runnerDonations) {
+			await donationController.remove(donation.id, force);
+		}
+
+		const runnerCards = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["cards"] })).cards;
+		const cardController = new RunnerCardController;
+		for (let card of runnerCards) {
+			await cardController.remove(card.id, force);
+		}
+
+		const runnerScans = (await this.runnerRepository.findOne({ id: runner.id }, { relations: ["scans"] })).scans;
+		const scanController = new ScanController;
+		for (let scan of runnerScans) {
+			await scanController.remove(scan.id, force);
+		}
+
+		await this.runnerRepository.delete(runner);
+		return new ResponseSelfServiceRunner(responseRunner);
+	}
+
+	@Get('/runners/me/:jwt/scans')
+	@ResponseSchema(ResponseSelfServiceScan, { isArray: true })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(RunnerNotFoundError)
+	@OpenAPI({ description: 'Lists all your (runner) scans. <br> Please provide your runner jwt(that code we gave you during registration) for auth. <br> If you lost your jwt/personalized link please contact support.' })
+	async getScans(@Param('jwt') token: string) {
+		const scans = (await this.getRunner(token)).scans;
+		let responseScans = new Array<ResponseSelfServiceScan>()
+		for (let scan of scans) {
+			responseScans.push(new ResponseSelfServiceScan(scan));
+		}
+		return responseScans;
+	}
+
+	@Get('/stations/me')
+	@UseBefore(ScanAuth)
+	@ResponseSchema(ResponseScanStation)
+	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
+	@OnUndefined(ScanStationNotFoundError)
+	@OpenAPI({ description: 'Lists basic information about the station whose token got provided. <br> This includes it\'s associated track.', security: [{ "StationApiToken": [] }] })
+	async getStationMe(@Req() req: Request) {
+		let scan = await this.stationRepository.findOne({ id: parseInt(req.headers["station_id"].toString()) }, { relations: ['track'] })
+		if (!scan) { throw new ScanStationNotFoundError(); }
+		return scan.toResponse();
+	}
+
+	@Post('/runners/login')
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OnUndefined(ResponseEmpty)
+	@OpenAPI({ description: 'Use this endpoint to reuqest a new selfservice magic-login-link to be sent to your mail address (rate limited to one mail every 15mins).' })
+	async requestNewToken(@QueryParam('mail') mail: string, @QueryParam("locale") locale: string = "en") {
+		if (!mail) {
+			throw new RunnerNotFoundError();
+		}
+		const runner = await this.runnerRepository.findOne({ email: mail });
+		if (!runner) { throw new RunnerNotFoundError(); }
+
+		if (runner.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 30)) { throw new RunnerSelfserviceTimeoutError(); }
+		const token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceForgottenMail(runner.email, runner.id, runner.firstname, runner.middlename, runner.lastname, token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		runner.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+		await this.runnerRepository.save(runner);
+
+		return { token };
+	}
+
+	@Post('/runners/register')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerEmailNeededError, { statusCode: 406 })
+	@OpenAPI({ description: 'Create a new selfservice runner in the citizen org. <br> This endpoint shoud be used to allow "everyday citizen" to register themselves. <br> You have to provide a mail address, b/c the future we\'ll implement email verification.' })
+	async registerRunner(@Body({ validate: true }) createRunner: CreateSelfServiceCitizenRunner, @QueryParam("locale") locale: string = "en") {
+		let runner = await createRunner.toEntity();
+		if (await this.getRunnerExistsByMail(runner.email)) {
+			throw new BadRequestError("E-Mail already registered")
+		}
+		runner = await this.runnerRepository.save(runner);
+
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, runner.id, runner.firstname, runner.middlename, runner.lastname, response.token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		return response;
+	}
+
+	@Post('/runners/register/:token')
+	@ResponseSchema(ResponseSelfServiceRunner)
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new selfservice runner in a provided org. <br> The orgs get provided and authorized via api tokens that can be optained via the /organizations endpoint.' })
+	async registerOrganizationRunner(@Param('token') token: string, @Body({ validate: true }) createRunner: CreateSelfServiceRunner, @QueryParam("locale") locale: string = "en") {
+		const org = await this.getOrgansisation(token);
+
+		let runner = await createRunner.toEntity(org);
+		if (await this.getRunnerExistsByMail(runner.email)) {
+			throw new BadRequestError("E-Mail already registered")
+		}
+		runner = await this.runnerRepository.save(runner);
+
+		let response = new ResponseSelfServiceRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] }));
+		response.token = JwtCreator.createSelfService(runner);
+
+		try {
+			await Mailer.sendSelfserviceWelcomeMail(runner.email, runner.id, runner.firstname, runner.middlename, runner.lastname, response.token, locale)
+		} catch (error) {
+			throw new MailSendingError();
+		}
+
+		return response;
+	}
+
+	@Get('/organizations/selfservice/:token')
+	@ResponseSchema(ResponseSelfServiceOrganisation, { isArray: false })
+	@ResponseSchema(RunnerOrganizationNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Get the basic info and teams for a org.' })
+	async getSelfserviceOrg(@Param('token') token: string) {
+		const orgid = (await this.getOrgansisation(token)).id;
+		const org = await this.orgRepository.findOne({ id: orgid }, { relations: ['teams'] })
+
+		return new ResponseSelfServiceOrganisation(<RunnerOrganization>org);
+	}
+
+	/**
+	 * Get's a runner by a provided jwt token.
+	 * @param token The runner jwt provided by the runner to identitfy themselves.
+	 */
+	private async getRunner(token: string): Promise<Runner> {
+		if (token == "") { throw new JwtNotProvidedError(); }
+		let jwtPayload = undefined
+		try {
+			jwtPayload = <any>jwt.verify(token, config.jwt_secret);
+		} catch (error) {
+			throw new InvalidCredentialsError();
+		}
+
+		const runner = await this.runnerRepository.findOne({ id: jwtPayload["id"] }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards', 'distanceDonations', 'distanceDonations.donor', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
+		if (!runner) { throw new RunnerNotFoundError() }
+		return runner;
+	}
+
+	/**
+	 * Get's a runner org by a provided registration api key.
+	 * @param token The organization's registration api token.
+	 */
+	private async getOrgansisation(token: string): Promise<RunnerGroup> {
+		token = Buffer.from(token, 'base64').toString('utf8');
+
+		const organization = await this.orgRepository.findOne({ key: token });
+		if (!organization) { throw new RunnerOrganizationNotFoundError; }
+
+		return organization;
+	}
+
+	/**
+	 * Checks if a runner already exists
+	 * @param email The runner's email address
+	 * @returns Boolean (true if exists, false if not)
+	 */
+	private async getRunnerExistsByMail(email: string): Promise<boolean> {
+		const runner = await this.runnerRepository.findOne({ email });
+		return runner != undefined
+	}
 }

src/controllers/RunnerTeamController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { RunnerTeamHasRunnersError, RunnerTeamIdsNotMatchingError, RunnerTeamNotFoundError } from '../errors/RunnerTeamErrors';
 import { CreateRunnerTeam } from '../models/actions/create/CreateRunnerTeam';
 import { UpdateRunnerTeam } from '../models/actions/update/UpdateRunnerTeam';
@@ -27,11 +27,18 @@ export class RunnerTeamController {
 	@Authorized("TEAM:GET")
 	@ResponseSchema(ResponseRunnerTeam, { isArray: true })
 	@OpenAPI({ description: 'Lists all teams. <br> This includes their parent organization and contact (if existing/associated).' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseTeams: ResponseRunnerTeam[] = new Array<ResponseRunnerTeam>();
-		const runners = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
-		runners.forEach(runner => {
-			responseTeams.push(new ResponseRunnerTeam(runner));
+		let teams: Array<RunnerTeam>;
+
+		if (page != undefined) {
+			teams = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'], skip: page * page_size, take: page_size });
+		} else {
+			teams = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
+		}
+
+		teams.forEach(team => {
+			responseTeams.push(new ResponseRunnerTeam(team));
 		});
 		return responseTeams;
 	}
@@ -43,7 +50,7 @@ export class RunnerTeamController {
 	@OnUndefined(RunnerTeamNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the team whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
+		let runnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact', 'runners', 'runners.scans', 'runners.scans.track'] });
 		if (!runnerTeam) { throw new RunnerTeamNotFoundError(); }
 		return new ResponseRunnerTeam(runnerTeam);
 	}
@@ -53,11 +60,11 @@ export class RunnerTeamController {
 	@ResponseSchema(ResponseRunner, { isArray: true })
 	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 	@OpenAPI({ description: 'Lists all runners from this team. <br> This includes the runner\'s group and distance ran.' })
-	async getRunners(@Param('id') id: number) {
+	async getRunners(@Param('id') id: number, @QueryParam("selfservice_links", { required: false }) selfservice_links: boolean = false) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
 		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners;
 		runners.forEach(runner => {
-			responseRunners.push(new ResponseRunner(runner));
+			responseRunners.push(new ResponseRunner(runner, selfservice_links));
 		});
 		return responseRunners;
 	}
@@ -112,7 +119,7 @@ export class RunnerTeamController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let team = await this.runnerTeamRepository.findOne({ id: id });
 		if (!team) { return null; }
-		let runnerTeam = await this.runnerTeamRepository.findOne(team, { relations: ['parentGroup', 'contact', 'runners'] });
+		let runnerTeam = await this.runnerTeamRepository.findOne(team, { relations: ['runners'] });
 
 		if (!force) {
 			if (runnerTeam.runners.length != 0) {

src/controllers/ScanController.ts

@@ -1,19 +1,24 @@
-import { Request } from "express";
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam, Req, UseBefore } from 'routing-controllers';
+import type { Request } from "express";
+import { Authorized, Body, Delete, Get, HttpError, JsonController, OnUndefined, Param, Post, Put, QueryParam, Req, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnection, getConnectionManager } from 'typeorm';
 import { RunnerNotFoundError } from '../errors/RunnerErrors';
 import { ScanIdsNotMatchingError, ScanNotFoundError } from '../errors/ScanErrors';
 import { ScanStationNotFoundError } from '../errors/ScanStationErrors';
 import ScanAuth from '../middlewares/ScanAuth';
+import { deleteCardEntry, getCardEntry, setCardEntry } from '../nats/CardKV';
+import { deleteRunnerEntry, getRunnerEntry, RunnerKVEntry, setRunnerEntry, warmRunner } from '../nats/RunnerKV';
+import { getStationEntryById } from '../nats/StationKV';
 import { CreateScan } from '../models/actions/create/CreateScan';
 import { CreateTrackScan } from '../models/actions/create/CreateTrackScan';
 import { UpdateScan } from '../models/actions/update/UpdateScan';
 import { UpdateTrackScan } from '../models/actions/update/UpdateTrackScan';
+import { RunnerCard } from '../models/entities/RunnerCard';
 import { Scan } from '../models/entities/Scan';
 import { TrackScan } from '../models/entities/TrackScan';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseScan } from '../models/responses/ResponseScan';
+import { ResponseScanIntake, ResponseScanIntakeRunner } from '../models/responses/ResponseScanIntake';
 import { ResponseTrackScan } from '../models/responses/ResponseTrackScan';
 @JsonController('/scans')
 @OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
@@ -34,9 +39,16 @@ export class ScanController {
 	@ResponseSchema(ResponseScan, { isArray: true })
 	@ResponseSchema(ResponseTrackScan, { isArray: true })
 	@OpenAPI({ description: 'Lists all scans (normal or track) from all runners. <br> This includes the scan\'s runner\'s distance ran.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseScans: ResponseScan[] = new Array<ResponseScan>();
-		const scans = await this.scanRepository.find({ relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] });
+		let scans: Array<Scan>;
+
+		if (page != undefined) {
+			scans = await this.scanRepository.find({ relations: ['runner', 'track'], skip: page * page_size, take: page_size });
+		} else {
+			scans = await this.scanRepository.find({ relations: ['runner', 'track'] });
+		}
+
 		scans.forEach(scan => {
 			responseScans.push(scan.toResponse());
 		});
@@ -51,7 +63,7 @@ export class ScanController {
 	@OnUndefined(ScanNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the scan whose id got provided. This includes the scan\'s runner\'s distance ran.' })
 	async getOne(@Param('id') id: number) {
-		let scan = await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })
+		let scan = await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.group', 'card', 'station'] })
 		if (!scan) { throw new ScanNotFoundError(); }
 		return scan.toResponse();
 	}
@@ -70,18 +82,112 @@ export class ScanController {
 	@Post("/trackscans")
 	@UseBefore(ScanAuth)
 	@ResponseSchema(ResponseTrackScan)
+	@ResponseSchema(ResponseScanIntake)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@OpenAPI({ description: 'Create a new track scan (for "normal" scans use /scans instead). <br> Please remember that to provide the scan\'s card\'s station\'s id.', security: [{ "StationApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 	async postTrackScans(@Body({ validate: true }) createScan: CreateTrackScan, @Req() req: Request) {
-		const station_id = req.headers["station_id"];
-		if (station_id) {
-			createScan.station = parseInt(station_id.toString());
+		// Station token path — KV-backed intake flow
+		if (req.isStationAuth) {
+			return this.stationIntake(createScan.card, req.stationId);
 		}
+		// JWT path — existing full flow, unchanged
+		createScan.station = createScan.station;
 		let scan = await createScan.toEntity();
 		scan = await this.trackScanRepository.save(scan);
 		return (await this.scanRepository.findOne({ id: scan.id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
 	}
 
+	/**
+	 * KV-backed hot path for scan station submissions.
+	 * Zero DB reads on a fully warm cache. Fixes the race condition via CAS on the runner KV entry.
+	 */
+	private async stationIntake(rawCard: number, stationId: number): Promise<ResponseScanIntake> {
+		const MAX_RETRIES = 3;
+		const cardId = rawCard % 200000000000;
+
+		// --- Station (already verified by ScanAuth, just need track data) ---
+		const stationEntry = await getStationEntryById(stationId);
+		// stationEntry is always populated here — ScanAuth wrote it on the cold path
+		const trackDistance = stationEntry.trackDistance;
+		const minimumLapTime = stationEntry.minimumLapTime;
+
+		// --- Card ---
+		let cardEntry = await getCardEntry(cardId);
+		if (!cardEntry) {
+			// Cold path: load from DB and cache
+			const card = await getConnection().getRepository(RunnerCard).findOne({ id: cardId }, { relations: ['runner'] });
+			if (!card) throw new ScanNotFoundError();
+			if (!card.runner) throw new RunnerNotFoundError();
+			cardEntry = {
+				runnerId: card.runner.id,
+				runnerDisplayName: `${card.runner.firstname} ${card.runner.lastname}`,
+				enabled: card.enabled,
+			};
+			await setCardEntry(cardId, cardEntry);
+		}
+		if (!cardEntry.enabled) throw new HttpError(400, 'Card is disabled.');
+		const runnerId = cardEntry.runnerId;
+
+		// --- Runner state + CAS update (fixes race condition) ---
+		const now = Math.round(Date.now() / 1000);
+		let retries = 0;
+		let response: ResponseScanIntake;
+
+		while (retries < MAX_RETRIES) {
+			// Get current runner state (warm or cold)
+			let result = await getRunnerEntry(runnerId);
+			if (!result) {
+				const warmed = await warmRunner(runnerId);
+				result = { entry: warmed, revision: undefined };
+			}
+			const { entry, revision } = result;
+
+			// Compute
+			const lapTime = entry.latestTimestamp === 0 ? 0 : now - entry.latestTimestamp;
+			const valid = minimumLapTime === 0 || lapTime > minimumLapTime;
+			const newDistance = entry.totalDistance + (valid ? trackDistance : 0);
+			const newTimestamp = valid ? now : entry.latestTimestamp;
+
+			const updated: RunnerKVEntry = {
+				displayName: entry.displayName,
+				totalDistance: newDistance,
+				latestTimestamp: newTimestamp,
+			};
+
+			// CAS write — if revision is undefined (warmed this request), plain put
+			const success = await setRunnerEntry(runnerId, updated, revision);
+			if (!success) {
+				retries++;
+				continue;
+			}
+
+			// DB insert — synchronous, keeps DB as source of truth
+			const newScan = new TrackScan();
+			newScan.runner = { id: runnerId } as any;
+			newScan.card = { id: cardId } as any;
+			newScan.station = { id: stationId } as any;
+			newScan.track = { id: stationEntry.trackId } as any;
+			newScan.timestamp = now;
+			newScan.lapTime = lapTime;
+			newScan.valid = valid;
+			await this.trackScanRepository.save(newScan);
+
+			const runnerInfo = new ResponseScanIntakeRunner();
+			runnerInfo.displayName = entry.displayName;
+			runnerInfo.totalDistance = newDistance;
+
+			response = new ResponseScanIntake();
+			response.accepted = true;
+			response.valid = valid;
+			response.lapTime = lapTime;
+			response.runner = runnerInfo;
+
+			return response;
+		}
+
+		throw new HttpError(409, 'Scan rejected: too many concurrent scans for this runner. Please retry.');
+	}
+
 	@Put('/:id')
 	@Authorized("SCAN:UPDATE")
 	@ResponseSchema(ResponseScan)
@@ -90,7 +196,7 @@ export class ScanController {
 	@ResponseSchema(ScanIdsNotMatchingError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the scan (not track scan use /scans/trackscans/:id instead) whose id you provided. <br> Please remember that ids can't be changed and distances must be positive." })
 	async put(@Param('id') id: number, @Body({ validate: true }) scan: UpdateScan) {
-		let oldScan = await this.scanRepository.findOne({ id: id });
+		let oldScan = await this.scanRepository.findOne({ id: id }, { relations: ['runner'] });
 
 		if (!oldScan) {
 			throw new ScanNotFoundError();
@@ -100,7 +206,9 @@ export class ScanController {
 			throw new ScanIdsNotMatchingError();
 		}
 
+		const runnerId = oldScan.runner?.id;
 		await this.scanRepository.save(await scan.update(oldScan));
+		if (runnerId) await deleteRunnerEntry(runnerId);
 		return (await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
 	}
 
@@ -113,7 +221,7 @@ export class ScanController {
 	@ResponseSchema(ScanIdsNotMatchingError, { statusCode: 406 })
 	@OpenAPI({ description: 'Update the track scan (not "normal" scan use /scans/trackscans/:id instead) whose id you provided. <br> Please remember that only the validity, runner and track can be changed.' })
 	async putTrackScan(@Param('id') id: number, @Body({ validate: true }) scan: UpdateTrackScan) {
-		let oldScan = await this.trackScanRepository.findOne({ id: id });
+		let oldScan = await this.trackScanRepository.findOne({ id: id }, { relations: ['runner'] });
 
 		if (!oldScan) {
 			throw new ScanNotFoundError();
@@ -123,7 +231,9 @@ export class ScanController {
 			throw new ScanIdsNotMatchingError();
 		}
 
+		const runnerId = oldScan.runner?.id;
 		await this.trackScanRepository.save(await scan.update(oldScan));
+		if (runnerId) await deleteRunnerEntry(runnerId);
 		return (await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'track', 'runner.scans', 'runner.group', 'runner.scans.track', 'card', 'station'] })).toResponse();
 	}
 

src/controllers/ScanStationController.ts

@@ -1,8 +1,9 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { ScanStationHasScansError, ScanStationIdsNotMatchingError, ScanStationNotFoundError } from '../errors/ScanStationErrors';
 import { TrackNotFoundError } from '../errors/TrackErrors';
+import { deleteStationEntry } from '../nats/StationKV';
 import { CreateScanStation } from '../models/actions/create/CreateScanStation';
 import { UpdateScanStation } from '../models/actions/update/UpdateScanStation';
 import { ScanStation } from '../models/entities/ScanStation';
@@ -26,9 +27,16 @@ export class ScanStationController {
 	@Authorized("STATION:GET")
 	@ResponseSchema(ResponseScanStation, { isArray: true })
 	@OpenAPI({ description: 'Lists all stations. <br> This includes their associated tracks.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseStations: ResponseScanStation[] = new Array<ResponseScanStation>();
-		const stations = await this.stationRepository.find({ relations: ['track'] });
+		let stations: Array<ScanStation>;
+
+		if (page != undefined) {
+			stations = await this.stationRepository.find({ relations: ['track'], skip: page * page_size, take: page_size });
+		} else {
+			stations = await this.stationRepository.find({ relations: ['track'] });
+		}
+
 		stations.forEach(station => {
 			responseStations.push(station.toResponse());
 		});
@@ -78,6 +86,7 @@ export class ScanStationController {
 		}
 
 		await this.stationRepository.save(await station.update(oldStation));
+		await deleteStationEntry(oldStation.prefix);
 		return (await this.stationRepository.findOne({ id: id }, { relations: ['track'] })).toResponse();
 	}
 
@@ -102,6 +111,7 @@ export class ScanStationController {
 		}
 
 		const responseStation = await this.stationRepository.findOne({ id: station.id }, { relations: ["track"] });
+		await deleteStationEntry(station.prefix);
 		await this.stationRepository.delete(station);
 		return responseStation.toResponse();
 	}

src/controllers/StatsClientController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { StatsClientNotFoundError } from '../errors/StatsClientErrors';
 import { TrackNotFoundError } from "../errors/TrackErrors";
 import { CreateStatsClient } from '../models/actions/create/CreateStatsClient';
@@ -24,9 +24,16 @@ export class StatsClientController {
 	@Authorized("STATSCLIENT:GET")
 	@ResponseSchema(ResponseStatsClient, { isArray: true })
 	@OpenAPI({ description: 'Lists all stats clients. Please remember that the key can only be viewed on creation.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseClients: ResponseStatsClient[] = new Array<ResponseStatsClient>();
-		const clients = await this.clientRepository.find();
+		let clients: Array<StatsClient>;
+
+		if (page != undefined) {
+			clients = await this.clientRepository.find({ skip: page * page_size, take: page_size });
+		} else {
+			clients = await this.clientRepository.find();
+		}
+
 		clients.forEach(clients => {
 			responseClients.push(new ResponseStatsClient(clients));
 		});

src/controllers/StatsController.ts

@@ -1,12 +1,14 @@
-import { Get, JsonController, UseBefore } from 'routing-controllers';
+import { Get, JsonController, QueryParam, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnection } from 'typeorm';
 import StatsAuth from '../middlewares/StatsAuth';
 import { Donation } from '../models/entities/Donation';
+import { Donor } from '../models/entities/Donor';
 import { Runner } from '../models/entities/Runner';
 import { RunnerOrganization } from '../models/entities/RunnerOrganization';
 import { RunnerTeam } from '../models/entities/RunnerTeam';
 import { Scan } from '../models/entities/Scan';
+import { TrackScan } from '../models/entities/TrackScan';
 import { User } from '../models/entities/User';
 import { ResponseStats } from '../models/responses/ResponseStats';
 import { ResponseStatsOrgnisation } from '../models/responses/ResponseStatsOrganization';
@@ -20,14 +22,28 @@ export class StatsController {
     @ResponseSchema(ResponseStats)
     @OpenAPI({ description: "A very basic stats endpoint providing basic counters for a dashboard or simmilar" })
     async get() {
-        let connection = getConnection();
-        let runners = await connection.getRepository(Runner).find({ relations: ['scans', 'scans.track'] });
-        let teams = await connection.getRepository(RunnerTeam).find();
-        let orgs = await connection.getRepository(RunnerOrganization).find();
-        let users = await connection.getRepository(User).find();
-        let scans = await connection.getRepository(Scan).find();
+        const connection = getConnection();
+        const runnersViaSelfservice = await connection.getRepository(Runner).count({ where: { created_via: "selfservice" } });
+        const runnersViaKiosk = await connection.getRepository(Runner).count({ where: { created_via: "kiosk" } });
+        const runners = await connection.getRepository(Runner).count();
+        const teams = await connection.getRepository(RunnerTeam).count();
+        const orgs = await connection.getRepository(RunnerOrganization).count();
+        const users = await connection.getRepository(User).count();
+        const scans = await connection.getRepository(Scan).count({ where: { valid: true } });
+
+        const distance_query = await connection.getRepository(Scan).createQueryBuilder('scan')
+            .leftJoinAndSelect("scan.track", "track").where("scan.valid = TRUE")
+            .select("SUM(track.distance)", "sum_track").addSelect("SUM(_distance)", "sum_distance")
+            .getRawOne();
+        let distace = parseInt(distance_query.sum_track)
+        if (distance_query.sum_distance) {
+            distace += parseInt(distance_query.sum_distance)
+        }
+
         let donations = await connection.getRepository(Donation).find({ relations: ['runner', 'runner.scans', 'runner.scans.track'] });
-        return new ResponseStats(runners, teams, orgs, users, scans, donations)
+        const donors = await connection.getRepository(Donor).count();
+
+        return new ResponseStats(runnersViaSelfservice, runners, teams, orgs, users, scans, donations, distace, donors, runnersViaKiosk)
     }
 
     @Get("/runners/distance")
@@ -36,7 +52,10 @@ export class StatsController {
     @OpenAPI({ description: "Returns the top ten runners by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopRunnersByDistance() {
         let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
-        let topRunners = runners.sort((runner1, runner2) => runner1.distance - runner2.distance).slice(0, 9);
+        if (!runners || runners.length == 0) {
+            return [];
+        }
+        let topRunners = runners.sort((runner1, runner2) => runner2.distance - runner1.distance).slice(0, 10);
         let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
         topRunners.forEach(runner => {
             responseRunners.push(new ResponseStatsRunner(runner));
@@ -49,8 +68,11 @@ export class StatsController {
     @ResponseSchema(ResponseStatsRunner, { isArray: true })
     @OpenAPI({ description: "Returns the top ten runners by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopRunnersByDonations() {
-        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
-        let topRunners = runners.sort((runner1, runner2) => runner1.distanceDonationAmount - runner2.distanceDonationAmount).slice(0, 9);
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['group', 'distanceDonations', 'distanceDonations.runner', 'distanceDonations.runner.scans', 'distanceDonations.runner.scans.track'] });
+        if (!runners || runners.length == 0) {
+            return [];
+        }
+        let topRunners = runners.sort((runner1, runner2) => runner2.distanceDonationAmount - runner1.distanceDonationAmount).slice(0, 10);
         let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
         topRunners.forEach(runner => {
             responseRunners.push(new ResponseStatsRunner(runner));
@@ -58,6 +80,34 @@ export class StatsController {
         return responseRunners;
     }
 
+    @Get("/runners/laptime")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by fastest laptime on your selected track (track by id).", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByLaptime(@QueryParam("track") track: number) {
+        let scans = await getConnection().getRepository(TrackScan).find({ relations: ['track', 'runner', 'runner.group', 'runner.scans', 'runner.scans.track', 'runner.distanceDonations'] });
+        if (!scans || scans.length == 0) {
+            return [];
+        }
+        scans = scans.filter((s) => { return s.track.id == track && s.valid == true && s.lapTime != 0 }).sort((scan1, scan2) => scan1.lapTime - scan2.lapTime);
+
+        let topScans = new Array<TrackScan>();
+        let knownRunners = new Array<number>();
+        for (let i = 0; i < scans.length && topScans.length < 10; i++) {
+            const element = scans[i];
+            if (!knownRunners.includes(element.runner.id)) {
+                topScans.push(element);
+                knownRunners.push(element.runner.id);
+            }
+        }
+
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topScans.forEach(scan => {
+            responseRunners.push(new ResponseStatsRunner(scan.runner, scan.lapTime));
+        });
+        return responseRunners;
+    }
+
     @Get("/scans")
     @UseBefore(StatsAuth)
     @ResponseSchema(ResponseStatsRunner, { isArray: true })
@@ -71,8 +121,11 @@ export class StatsController {
     @ResponseSchema(ResponseStatsTeam, { isArray: true })
     @OpenAPI({ description: "Returns the top ten teams by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopTeamsByDistance() {
-        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
-        let topTeams = teams.sort((team1, team2) => team1.distance - team2.distance).slice(0, 9);
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['parentGroup', 'runners', 'runners.scans', 'runners.scans.track'] });
+        if (!teams || teams.length == 0) {
+            return [];
+        }
+        let topTeams = teams.sort((team1, team2) => team2.distance - team1.distance).slice(0, 10);
         let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
         topTeams.forEach(team => {
             responseTeams.push(new ResponseStatsTeam(team));
@@ -85,8 +138,11 @@ export class StatsController {
     @ResponseSchema(ResponseStatsTeam, { isArray: true })
     @OpenAPI({ description: "Returns the top ten teams by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopTeamsByDonations() {
-        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
-        let topTeams = teams.sort((team1, team2) => team1.distanceDonationAmount - team2.distanceDonationAmount).slice(0, 9);
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['parentGroup', 'runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        if (!teams || teams.length == 0) {
+            return [];
+        }
+        let topTeams = teams.sort((team1, team2) => team2.distanceDonationAmount - team1.distanceDonationAmount).slice(0, 10);
         let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
         topTeams.forEach(team => {
             responseTeams.push(new ResponseStatsTeam(team));
@@ -100,7 +156,10 @@ export class StatsController {
     @OpenAPI({ description: "Returns the top ten organizations by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopOrgsByDistance() {
         let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
-        let topOrgs = orgs.sort((org1, org2) => org1.distance - org2.distance).slice(0, 9);
+        if (!orgs || orgs.length == 0) {
+            return [];
+        }
+        let topOrgs = orgs.sort((org1, org2) => org2.distance - org1.distance).slice(0, 10);
         let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
         topOrgs.forEach(org => {
             responseOrgs.push(new ResponseStatsOrgnisation(org));
@@ -113,8 +172,11 @@ export class StatsController {
     @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
     @OpenAPI({ description: "Returns the top ten organizations by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
     async getTopOrgsByDonations() {
-        let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
-        let topOrgs = orgs.sort((org1, org2) => org1.distanceDonationAmount - org2.distanceDonationAmount).slice(0, 9);
+        let orgs = await getConnection().getRepository(RunnerOrganization).find({ relations: ['runners', 'runners.distanceDonations', 'runners.distanceDonations.runner', 'runners.distanceDonations.runner.scans', 'runners.distanceDonations.runner.scans.track', 'teams', 'teams.runners', 'teams.runners.distanceDonations', 'teams.runners.distanceDonations.runner', 'teams.runners.distanceDonations.runner.scans', 'teams.runners.distanceDonations.runner.scans.track'] });
+        if (!orgs || orgs.length == 0) {
+            return [];
+        }
+        let topOrgs = orgs.sort((org1, org2) => org2.distanceDonationAmount - org1.distanceDonationAmount).slice(0, 10);
         let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
         topOrgs.forEach(org => {
             responseOrgs.push(new ResponseStatsOrgnisation(org));

src/controllers/TrackController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { TrackHasScanStationsError, TrackIdsNotMatchingError, TrackLapTimeCantBeNegativeError, TrackNotFoundError } from "../errors/TrackErrors";
 import { CreateTrack } from '../models/actions/create/CreateTrack';
 import { UpdateTrack } from '../models/actions/update/UpdateTrack';
@@ -25,9 +25,17 @@ export class TrackController {
 	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack, { isArray: true })
 	@OpenAPI({ description: 'Lists all tracks.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseTracks: ResponseTrack[] = new Array<ResponseTrack>();
-		const tracks = await this.trackRepository.find();
+		let tracks: Array<Track>;
+
+		if (page != undefined) {
+			tracks = await this.trackRepository.find({ skip: page * page_size, take: page_size });
+		}
+		else {
+			tracks = await this.trackRepository.find();
+		}
+
 		tracks.forEach(track => {
 			responseTracks.push(new ResponseTrack(track));
 		});

src/controllers/UserController.ts

@@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
-import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { Repository, getConnectionManager } from 'typeorm';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserDeletionNotConfirmedError, UserIdsNotMatchingError, UserNotFoundError, UsernameContainsIllegalCharacterError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@@ -28,9 +28,17 @@ export class UserController {
 	@Authorized("USER:GET")
 	@ResponseSchema(ResponseUser, { isArray: true })
 	@OpenAPI({ description: 'Lists all users. <br> This includes their groups and permissions granted to them.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseUsers: ResponseUser[] = new Array<ResponseUser>();
-		const users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] });
+		let users: Array<User>;
+
+		if (page != undefined) {
+			users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'], skip: page * page_size, take: page_size });
+		}
+		else {
+			users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] });
+		}
+
 		users.forEach(user => {
 			responseUsers.push(new ResponseUser(user));
 		});
@@ -66,6 +74,10 @@ export class UserController {
 	@ResponseSchema(ResponseUser)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
@@ -85,6 +97,10 @@ export class UserController {
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
 	@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainUppercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainLowercaseLetterError, { statusCode: 406 })
+	@ResponseSchema(PasswordMustContainNumberError, { statusCode: 406 })
+	@ResponseSchema(PasswordTooShortError, { statusCode: 406 })
 	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });

src/controllers/UserGroupController.ts

@@ -1,6 +1,6 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { getConnectionManager, Repository } from 'typeorm';
+import { Repository, getConnectionManager } from 'typeorm';
 import { UserGroupIdsNotMatchingError, UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUserGroup } from '../models/actions/create/CreateUserGroup';
 import { UpdateUserGroup } from '../models/actions/update/UpdateUserGroup';
@@ -27,9 +27,16 @@ export class UserGroupController {
 	@Authorized("USERGROUP:GET")
 	@ResponseSchema(ResponseUserGroup, { isArray: true })
 	@OpenAPI({ description: 'Lists all groups. <br> The information provided might change while the project continues to evolve.' })
-	async getAll() {
+	async getAll(@QueryParam("page", { required: false }) page: number, @QueryParam("page_size", { required: false }) page_size: number = 100) {
 		let responseGroups: ResponseUserGroup[] = new Array<ResponseUserGroup>();
-		const groups = await this.userGroupsRepository.find({ relations: ['permissions'] });
+		let groups: Array<UserGroup>;
+
+		if (page != undefined) {
+			groups = await this.userGroupsRepository.find({ relations: ['permissions'], skip: page * page_size, take: page_size });
+		} else {
+			groups = await this.userGroupsRepository.find({ relations: ['permissions'] });
+		}
+
 		groups.forEach(group => {
 			responseGroups.push(group.toResponse());
 		});

src/errors/RunnerErrors.ts

@@ -47,14 +47,14 @@ export class RunnerEmailNeededError extends NotAcceptableError {
 }
 
 /**
- * Error to throw when a runner already requested a new selfservice link in the last 24hrs.
+ * Error to throw when a runner already requested a new selfservice link in the last 30s.
  */
 export class RunnerSelfserviceTimeoutError extends NotAcceptableError {
 	@IsString()
 	name = "RunnerSelfserviceTimeoutError"
 
 	@IsString()
-	message = "You can only reqest a new token every 24hrs."
+	message = "You can only reqest a new token every 30s."
 }
 
 /**

src/errors/UserErrors.ts

@@ -71,4 +71,33 @@ export class UserDeletionNotConfirmedError extends NotAcceptableError {
 
 	@IsString()
 	message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
+}
+
+export class PasswordMustContainUppercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainUppercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one uppercase letter."
+}
+export class PasswordMustContainLowercaseLetterError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainLowercaseLetterError"
+
+	@IsString()
+	message = "Passwords must contain at least one lowercase letter."
+}
+export class PasswordMustContainNumberError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordMustContainNumberError"
+
+	@IsString()
+	message = "Passwords must contain at least one number."
+}
+export class PasswordTooShortError extends NotAcceptableError {
+	@IsString()
+	name = "PasswordTooShortError"
+
+	@IsString()
+	message = "Passwords must be at least ten characters long."
 }

src/loaders/database.ts

@@ -1,5 +1,6 @@
 import { createConnection } from "typeorm";
 import { runSeeder } from 'typeorm-seeding';
+import consola from 'consola';
 import { config } from '../config';
 import { ConfigFlag } from '../models/entities/ConfigFlags';
 import SeedPublicOrg from '../seeds/SeedPublicOrg';
@@ -11,6 +12,11 @@ import SeedUsers from '../seeds/SeedUsers';
  */
 export default async () => {
     const connection = await createConnection();
+    
+    // Log discovered entities for debugging
+    consola.info(`TypeORM discovered ${connection.entityMetadatas.length} entities:`);
+    consola.info(connection.entityMetadatas.map(m => m.name).sort().join(', '));
+    
     await connection.synchronize();
 
     //The data seeding part

src/loaders/index.ts

@@ -1,4 +1,8 @@
 import { Application } from "express";
+import consola from "consola";
+import { config } from "../config";
+import NatsClient from "../nats/NatsClient";
+import { warmAll } from "../nats/RunnerKV";
 import databaseLoader from "./database";
 import expressLoader from "./express";
 import openapiLoader from "./openapi";
@@ -9,6 +13,16 @@ import openapiLoader from "./openapi";
  */
 export default async (app: Application) => {
     await databaseLoader();
+    await NatsClient.connect();
+    
+    if (config.nats_prewarm) {
+        consola.info("Prewarming NATS runner cache...");
+        const startTime = Date.now();
+        await warmAll();
+        const duration = Date.now() - startTime;
+        consola.success(`NATS runner cache prewarmed in ${duration}ms`);
+    }
+    
     await openapiLoader(app);
     await expressLoader(app);
     return app;

src/mailer.ts

@@ -18,9 +18,19 @@ export class Mailer {
      */
     public static async sendResetMail(to_address: string, token: string, locale: string = "en") {
         try {
-            await axios.post(`${Mailer.base}/reset?locale=${locale}&key=${Mailer.key}`, {
-                address: to_address,
-                resetKey: token
+            await axios.request({
+                method: 'POST',
+                url: `${Mailer.base}/api/v1/email`,
+                headers: {
+                    authorization: `Bearer ${Mailer.key}`,
+                    'content-type': 'application/json'
+                },
+                data: {
+                    to: to_address,
+                    templateName: 'password-reset',
+                    language: locale,
+                    data: { token: token }
+                }
             });
         } catch (error) {
             if (Mailer.testing) { return true; }
@@ -32,12 +42,26 @@ export class Mailer {
      * Function for sending a runner selfservice welcome mail.
      * @param to_address The address the mail will be sent to. Should always get pulled from a runner object.
      * @param token The requested selfservice token - will be combined with the app_url to generate a selfservice profile link.
-     */
-    public static async sendSelfserviceWelcomeMail(to_address: string, token: string, locale: string = "en") {
+    */
+    public static async sendSelfserviceWelcomeMail(to_address: string, runner_id: number, firstname: string, middlename: string, lastname: string, token: string, locale: string = "en") {
         try {
-            await axios.post(`${Mailer.base}/registration?locale=${locale}&key=${Mailer.key}`, {
-                address: to_address,
-                selfserviceToken: token
+            await axios.request({
+                method: 'POST',
+                url: `${Mailer.base}/api/v1/email`,
+                headers: {
+                    authorization: `Bearer ${Mailer.key}`,
+                    'content-type': 'application/json'
+                },
+                data: {
+                    to: to_address,
+                    templateName: 'welcome',
+                    language: locale,
+                    data: {
+                        name: `${firstname} ${middlename} ${lastname}`,
+                        barcode_content: `${runner_id}`,
+                        link: `${process.env.SELFSERVICE_URL}/profile/${token}`
+                    }
+                }
             });
         } catch (error) {
             if (Mailer.testing) { return true; }
@@ -49,15 +73,45 @@ export class Mailer {
      * Function for sending a runner selfservice link forgotten mail.
      * @param to_address The address the mail will be sent to. Should always get pulled from a runner object.
      * @param token The requested selfservice token - will be combined with the app_url to generate a selfservice profile link.
-     */
-    public static async sendSelfserviceForgottenMail(to_address: string, token: string, locale: string = "en") {
+    */
+    public static async sendSelfserviceForgottenMail(to_address: string, runner_id: number, firstname: string, middlename: string, lastname: string, token: string, locale: string = "en") {
         try {
-            await axios.post(`${Mailer.base}/registration_forgot?locale=${locale}&key=${Mailer.key}`, {
-                address: to_address,
-                selfserviceToken: token
+            console.log("Mail request", {
+                to: to_address,
+                templateName: 'welcome',
+                language: locale,
+                data: {
+                    to: to_address,
+                    templateName: 'welcome',
+                    language: locale,
+                    data: {
+                        name: `${firstname} ${middlename} ${lastname}`,
+                        barcode_content: `${runner_id}`,
+                        link: `${process.env.SELFSERVICE_URL}/profile/${token}`
+                    }
+                }
+            })
+            await axios.request({
+                method: 'POST',
+                url: `${Mailer.base}/api/v1/email`,
+                headers: {
+                    authorization: `Bearer ${Mailer.key}`,
+                    'content-type': 'application/json'
+                },
+                data: {
+                    to: to_address,
+                    templateName: 'welcome',
+                    language: locale,
+                    data: {
+                        name: `${firstname} ${middlename} ${lastname}`,
+                        barcode_content: `${runner_id}`,
+                        link: `${process.env.SELFSERVICE_URL}/profile/${token}`
+                    }
+                }
             });
         } catch (error) {
             if (Mailer.testing) { return true; }
+            console.error("Error while sending selfservice forgotten mail:", error.message);
             throw new MailSendingError();
         }
     }

src/middlewares/ScanAuth.ts

@@ -1,69 +1,129 @@
-import * as argon2 from "argon2";
+import crypto from 'crypto';
 import { Request, Response } from 'express';
 import { getConnectionManager } from 'typeorm';
+import { config } from '../config';
+import { deleteStationEntry, getStationEntry, setStationEntry, StationKVEntry } from '../nats/StationKV';
 import { ScanStation } from '../models/entities/ScanStation';
 import authchecker from './authchecker';
 
+/**
+ * Computes the HMAC-SHA256 of the provided token using the station token secret.
+ */
+function computeHmac(token: string): string {
+    return crypto.createHmac('sha256', config.station_token_secret).update(token).digest('hex');
+}
+
+/**
+ * Constant-time comparison of two hex HMAC strings.
+ * Returns true if they match.
+ */
+function verifyHmac(provided_token: string, storedHash: string): boolean {
+    const expectedHash = computeHmac(provided_token);
+    const expectedBuf = Buffer.from(expectedHash);
+    const storedBuf = Buffer.from(storedHash);
+    return expectedBuf.length === storedBuf.length && crypto.timingSafeEqual(expectedBuf, storedBuf);
+}
+
 /**
  * This middleware handles the authentication of scan station api tokens.
  * The tokens have to be provided via Bearer authorization header.
+ *
+ * Auth flow:
+ *   1. Extract prefix from token (PREFIX.KEY format)
+ *   2. Try NATS KV cache lookup by prefix — warm path: HMAC verify, no DB
+ *   3. On cache miss: DB lookup → HMAC verify → write to KV cache
+ *   4. On no station match at all: fall back to JWT auth (SCAN:CREATE permission)
+ *
+ * On success sets req.isStationAuth = true and req.stationId on the request object.
+ * These are internal server-side properties — not HTTP headers, not spoofable by clients.
+ *
  * You have to manually use this middleware via @UseBefore(ScanAuth) instead of using @Authorized().
  * @param req Express request object.
  * @param res Express response object.
  * @param next Next function to call on success.
  */
 const ScanAuth = async (req: Request, res: Response, next: () => void) => {
-    let provided_token: string = req.headers["authorization"];
-    if (provided_token == "" || provided_token === undefined || provided_token === null) {
-        res.status(401).send({ http_code: 401, short: "no_token", message: "No api token provided." });
+    let provided_token: string = req.headers['authorization'];
+    if (!provided_token) {
+        res.status(401).send({ http_code: 401, short: 'no_token', message: 'No api token provided.' });
         return;
     }
 
-    try {
-        provided_token = provided_token.replace("Bearer ", "");
-    } catch (error) {
-        res.status(401).send({ http_code: 401, short: "no_token", message: "No valid jwt or api token provided." });
+    provided_token = provided_token.replace('Bearer ', '');
+
+    const prefix = provided_token.split('.')[0];
+    if (!prefix) {
+        res.status(401).send({ http_code: 401, short: 'invalid_token', message: 'Api token non-existent or invalid syntax.' });
         return;
     }
 
-    let prefix = "";
-    try {
-        prefix = provided_token.split(".")[0];
-    }
-    finally {
-        if (prefix == "" || prefix == undefined || prefix == null) {
-            res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
+    // --- KV cache lookup (warm path) ---
+    const cached = await getStationEntry(prefix);
+    if (cached) {
+        if (!cached.enabled) {
+            res.status(401).send({ http_code: 401, short: 'station_disabled', message: 'Station is disabled.' });
             return;
         }
+        if (!verifyHmac(provided_token, cached.tokenHash)) {
+            res.status(401).send({ http_code: 401, short: 'invalid_token', message: 'Api token non-existent or invalid syntax.' });
+            return;
+        }
+        req.isStationAuth = true;
+        req.stationId = cached.id;
+        next();
+        return;
     }
 
-    const station = await getConnectionManager().get().getRepository(ScanStation).findOne({ prefix: prefix });
+    // --- DB lookup (cold path) ---
+    const station = await getConnectionManager().get().getRepository(ScanStation).findOne({ prefix }, { relations: ['track'] });
+
     if (!station) {
+        // No station with this prefix — fall back to JWT auth
         let user_authorized = false;
         try {
-            let action = { request: req, response: res, context: null, next: next }
-            user_authorized = await authchecker(action, ["SCAN:CREATE"]);
-        }
-        finally {
-            if (user_authorized == false) {
-                res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
+            const action = { request: req, response: res, context: null, next };
+            user_authorized = await authchecker(action, ['SCAN:CREATE']);
+        } finally {
+            if (!user_authorized) {
+                res.status(401).send({ http_code: 401, short: 'invalid_token', message: 'Api token non-existent or invalid syntax.' });
                 return;
             }
-            else {
-                next();
-            }
+            next();
         }
+        return;
     }
-    else {
-        if (station.enabled == false) {
-            res.status(401).send({ http_code: 401, short: "station_disabled", message: "Station is disabled." });
-        }
-        if (!(await argon2.verify(station.key, provided_token))) {
-            res.status(401).send({ http_code: 401, short: "invalid_token", message: "Api token non-existent or invalid syntax." });
-            return;
-        }
-        req.headers["station_id"] = station.id.toString();
-        next();
+
+    // Station found — verify token before caching
+    const tokenHash = computeHmac(provided_token);
+    const storedBuf = Buffer.from(station.key);
+    const computedBuf = Buffer.from(tokenHash);
+    const valid = computedBuf.length === storedBuf.length && crypto.timingSafeEqual(computedBuf, storedBuf);
+
+    if (!valid) {
+        res.status(401).send({ http_code: 401, short: 'invalid_token', message: 'Api token non-existent or invalid syntax.' });
+        return;
     }
-}
-export default ScanAuth;
+
+    if (!station.enabled) {
+        res.status(401).send({ http_code: 401, short: 'station_disabled', message: 'Station is disabled.' });
+        return;
+    }
+
+    // Write to KV cache for subsequent requests
+    const entry: StationKVEntry = {
+        id: station.id,
+        enabled: station.enabled,
+        tokenHash,
+        trackId: station.track.id,
+        trackDistance: station.track.distance,
+        minimumLapTime: station.track.minimumLapTime ?? 0,
+    };
+    await setStationEntry(prefix, entry);
+
+    req.isStationAuth = true;
+    req.stationId = station.id;
+    next();
+};
+
+export default ScanAuth;
+export { deleteStationEntry };

src/middlewares/StatsAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import * as Bun from 'bun';
 import { Request, Response } from 'express';
 import { getConnectionManager } from 'typeorm';
 import { StatsClient } from '../models/entities/StatsClient';
@@ -55,7 +55,7 @@ const StatsAuth = async (req: Request, res: Response, next: () => void) => {
         }
     }
     else {
-        if (!(await argon2.verify(client.key, provided_token))) {
+        if (!(await Bun.password.verify(provided_token, client.key))) {
             res.status(401).send("Api token invalid.");
             return;
         }

src/models/actions/ResetPassword.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import * as Bun from 'bun';
 import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
@@ -49,7 +49,7 @@ export class ResetPassword {
         if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }
 
         found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
-        found_user.password = await argon2.hash(this.password + found_user.uuid);
+        found_user.password = await Bun.password.hash(this.password + found_user.uuid);
         await getConnectionManager().get().getRepository(User).save(found_user);
 
         return "password reset successfull";

src/models/actions/create/CreateAnonymousDonation.ts

@@ -0,0 +1,29 @@
+import { IsInt, IsPositive } from 'class-validator';
+import { FixedDonation } from '../../entities/FixedDonation';
+import { CreateDonation } from './CreateDonation';
+
+/**
+ * This class is used to create a new FixedDonation entity from a json body (post request).
+ */
+export class CreateAnonymousDonation extends CreateDonation {
+
+    /**
+     * The donation's amount.
+     * The unit is your currency's smallest unit (default: euro cent).
+     */
+    @IsInt()
+    @IsPositive()
+    amount: number;
+
+    /**
+     * Creates a new FixedDonation entity from this.
+     */
+    public async toEntity(): Promise<FixedDonation> {
+        let newDonation = new FixedDonation;
+
+        newDonation.amount = this.amount;
+        newDonation.paidAmount = this.amount;
+
+        return newDonation;
+    }
+}

src/models/actions/create/CreateAuth.ts

@@ -1,4 +1,4 @@
-import * as argon2 from "argon2";
+import * as Bun from 'bun';
 import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../../errors/AuthError';
@@ -56,16 +56,16 @@ export class CreateAuth {
             throw new UserNotFoundError();
         }
         if (found_user.enabled == false) { throw new UserDisabledError(); }
-        if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
+        if (!(await Bun.password.verify(this.password + found_user.uuid, found_user.password))) {
             throw new InvalidCredentialsError();
         }
 
         //Create the access token
-        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
+        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 24 * 60 * 60
         newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
         newAuth.access_token_expires_at = timestamp_accesstoken_expiry
         //Create the refresh token
-        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
+        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 7 * 24 * 60 * 60
         newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
         newAuth.refresh_token_expires_at = timestamp_refresh_expiry
         return newAuth;

src/models/actions/create/CreateDistanceDonation.ts

@@ -1,4 +1,4 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
 import { DistanceDonation } from '../../entities/DistanceDonation';
@@ -10,6 +10,21 @@ import { CreateDonation } from './CreateDonation';
  */
 export class CreateDistanceDonation extends CreateDonation {
 
+    /**
+     * The donation's associated donor's id.
+     * This is important to link donations to donors.
+     */
+    @IsInt()
+    @IsPositive()
+    donor: number;
+
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    @IsOptional()
+    paidAmount?: number;
+
     /**
      * The donation's associated runner's id.
      * This is important to link the runner's distance ran to the donation.
@@ -33,6 +48,7 @@ export class CreateDistanceDonation extends CreateDonation {
         let newDonation = new DistanceDonation;
 
         newDonation.amountPerDistance = this.amountPerDistance;
+        newDonation.paidAmount = this.paidAmount;
         newDonation.donor = await this.getDonor();
         newDonation.runner = await this.getRunner();
 

src/models/actions/create/CreateDonation.ts

@@ -1,6 +1,5 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional } from 'class-validator';
 import { getConnection } from 'typeorm';
-import { DonorNotFoundError } from '../../../errors/DonorErrors';
 import { Donation } from '../../entities/Donation';
 import { Donor } from '../../entities/Donor';
 
@@ -8,14 +7,14 @@ import { Donor } from '../../entities/Donor';
  * This class is used to create a new Donation entity from a json body (post request).
  */
 export abstract class CreateDonation {
-    /**
-     * The donation's associated donor's id.
-     * This is important to link donations to donors.
-     */
     @IsInt()
-    @IsPositive()
+    @IsOptional()
     donor: number;
 
+    @IsInt()
+    @IsOptional()
+    paidAmount?: number;
+
     /**
      * Creates a new Donation entity from this.
      */
@@ -26,9 +25,6 @@ export abstract class CreateDonation {
      */
     public async getDonor(): Promise<Donor> {
         const donor = await getConnection().getRepository(Donor).findOne({ id: this.donor });
-        if (!donor) {
-            throw new DonorNotFoundError();
-        }
         return donor;
     }
 }

src/models/actions/create/CreateFixedDonation.ts

@@ -6,6 +6,21 @@ import { CreateDonation } from './CreateDonation';
  * This class is used to create a new FixedDonation entity from a json body (post request).
  */
 export class CreateFixedDonation extends CreateDonation {
+
+    /**
+     * The donation's associated donor's id.
+     * This is important to link donations to donors.
+     */
+    @IsInt()
+    @IsPositive()
+    donor: number;
+
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    paidAmount?: number;
+
     /**
      * The donation's amount.
      * The unit is your currency's smallest unit (default: euro cent).
@@ -21,6 +36,7 @@ export class CreateFixedDonation extends CreateDonation {
         let newDonation = new FixedDonation;
 
         newDonation.amount = this.amount;
+        newDonation.paidAmount = this.paidAmount;
         newDonation.donor = await this.getDonor();
 
         return newDonation;

src/models/actions/create/CreateParticipant.ts

@@ -50,4 +50,11 @@ export abstract class CreateParticipant {
     @IsOptional()
     @IsObject()
     address?: Address;
+
+    /**
+     * how the participant got into the system
+     */
+    @IsOptional()
+    @IsString()
+    created_via?: string;
 }

src/models/actions/create/CreateRunner.ts

@@ -32,6 +32,9 @@ export class CreateRunner extends CreateParticipant {
         newRunner.email = this.email;
         newRunner.group = await this.getGroup();
         newRunner.address = this.address;
+        if (this.created_via) {
+            newRunner.created_via = this.created_via;
+        }
         Address.validate(newRunner.address);
 
         return newRunner;

src/models/actions/create/CreateRunnerOrganization.ts

@@ -1,5 +1,4 @@
 import { IsBoolean, IsObject, IsOptional } from 'class-validator';
-import * as uuid from 'uuid';
 import { Address } from '../../entities/Address';
 import { RunnerOrganization } from '../../entities/RunnerOrganization';
 import { CreateRunnerGroup } from './CreateRunnerGroup';
@@ -35,7 +34,7 @@ export class CreateRunnerOrganization extends CreateRunnerGroup {
         Address.validate(newRunnerOrganization.address);
 
         if (this.registrationEnabled) {
-            newRunnerOrganization.key = uuid.v4().toUpperCase();
+            newRunnerOrganization.key = crypto.randomUUID()
         }
 
         return newRunnerOrganization;

src/models/actions/create/CreateScanStation.ts

@@ -1,8 +1,7 @@
-import * as argon2 from "argon2";
 import { IsBoolean, IsInt, IsOptional, IsPositive, IsString } from 'class-validator';
 import crypto from 'crypto';
 import { getConnection } from 'typeorm';
-import * as uuid from 'uuid';
+import { config } from '../../../config';
 import { TrackNotFoundError } from '../../../errors/TrackErrors';
 import { ScanStation } from '../../entities/ScanStation';
 import { Track } from '../../entities/Track';
@@ -42,10 +41,10 @@ export class CreateScanStation {
         newStation.enabled = this.enabled;
         newStation.track = await this.getTrack();
 
-        let newUUID = uuid.v4().toUpperCase();
+        let newUUID = crypto.randomUUID().toUpperCase();
         newStation.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
-        newStation.key = await argon2.hash(newStation.prefix + "." + newUUID);
         newStation.cleartextkey = newStation.prefix + "." + newUUID;
+        newStation.key = crypto.createHmac("sha256", config.station_token_secret).update(newStation.cleartextkey).digest('hex');
 
         return newStation;
     }

src/models/actions/create/CreateSelfServiceCitizenRunner.ts

@@ -26,6 +26,7 @@ export class CreateSelfServiceCitizenRunner extends CreateParticipant {
     public async toEntity(): Promise<Runner> {
         let newRunner: Runner = new Runner();
 
+        newRunner.created_via = "selfservice";
         newRunner.firstname = this.firstname;
         newRunner.middlename = this.middlename;
         newRunner.lastname = this.lastname;

src/models/actions/create/CreateSelfServiceRunner.ts

@@ -28,6 +28,7 @@ export class CreateSelfServiceRunner extends CreateParticipant {
     public async toEntity(group: RunnerGroup): Promise<Runner> {
         let newRunner: Runner = new Runner();
 
+        newRunner.created_via = "selfservice";
         newRunner.firstname = this.firstname;
         newRunner.middlename = this.middlename;
         newRunner.lastname = this.lastname;

src/models/actions/create/CreateStatsClient.ts

@@ -1,7 +1,6 @@
-import * as argon2 from "argon2";
+import * as Bun from 'bun';
 import { IsOptional, IsString } from 'class-validator';
 import crypto from 'crypto';
-import * as uuid from 'uuid';
 import { StatsClient } from '../../entities/StatsClient';
 
 /**
@@ -23,9 +22,9 @@ export class CreateStatsClient {
 
         newClient.description = this.description;
 
-        let newUUID = uuid.v4().toUpperCase();
+        let newUUID = crypto.randomUUID().toUpperCase();
         newClient.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
-        newClient.key = await argon2.hash(newClient.prefix + "." + newUUID);
+        newClient.key = await Bun.password.hash(newClient.prefix + "." + newUUID);
         newClient.cleartextkey = newClient.prefix + "." + newUUID;
 
         return newClient;

src/models/actions/create/CreateTrackScan.ts

@@ -57,11 +57,12 @@ export class CreateTrackScan {
      * @returns The runnerCard whom's id you provided.
      */
     public async getCard(): Promise<RunnerCard> {
-        const track = await getConnection().getRepository(RunnerCard).findOne({ id: this.card }, { relations: ["runner"] });
-        if (!track) {
+        const id = this.card % 200000000000;
+        const runnerCard = await getConnection().getRepository(RunnerCard).findOne({ id: id }, { relations: ["runner"] });
+        if (!runnerCard) {
             throw new RunnerCardNotFoundError();
         }
-        return track;
+        return runnerCard;
     }
 
     /**
@@ -85,14 +86,13 @@ export class CreateTrackScan {
      * @returns The validated scan with it's laptime set.
      */
     public async validateScan(scan: TrackScan): Promise<TrackScan> {
-        const scans = await getConnection().getRepository(TrackScan).find({ where: { runner: scan.runner, valid: true }, relations: ["track"] });
-        if (scans.length == 0) {
+        const latestScan = await getConnection().getRepository(TrackScan).findOne({ where: { runner: scan.runner, valid: true }, relations: ["track"], order: { id: 'DESC' } });
+        if (!latestScan) {
             scan.lapTime = 0;
             scan.valid = true;
         }
         else {
-            const newestScan = scans[scans.length - 1];
-            scan.lapTime = scan.timestamp - newestScan.timestamp;
+            scan.lapTime = scan.timestamp - latestScan.timestamp;
             scan.valid = (scan.lapTime > scan.track.minimumLapTime);
         }
         return scan;

src/models/actions/create/CreateUser.ts

@@ -1,9 +1,9 @@
-import * as argon2 from "argon2";
+import * as Bun from 'bun';
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
-import * as uuid from 'uuid';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
@@ -94,20 +94,26 @@ export class CreateUser {
         if (!this.email) {
             throw new UserEmailNeededError();
         }
-        if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+        if (this.username?.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
+
+        let password_strength = passwordStrength(this.password);
+        if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+        if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+        if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+        if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
 
         newUser.email = this.email
         newUser.username = this.username
         newUser.firstname = this.firstname
         newUser.middlename = this.middlename
         newUser.lastname = this.lastname
-        newUser.uuid = uuid.v4()
+        newUser.uuid = crypto.randomUUID()
         newUser.phone = this.phone
-        newUser.password = await argon2.hash(this.password + newUser.uuid);
+        newUser.password = Bun.password.hash(this.password + newUser.uuid);
         newUser.groups = await this.getGroups();
         newUser.enabled = this.enabled;
 
-        if (!this.profilePic) { newUser.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        if (!this.profilePic) { newUser.profilePic = `https://lauf-fuer-kaya.de/lfk-logo.png`; }
         else { newUser.profilePic = this.profilePic; }
 
         return newUser;

src/models/actions/update/UpdateDistanceDonation.ts

@@ -32,6 +32,7 @@ export class UpdateDistanceDonation extends UpdateDonation {
      */
     public async update(donation: DistanceDonation): Promise<DistanceDonation> {
         donation.amountPerDistance = this.amountPerDistance;
+        donation.paidAmount = this.paidAmount;
         donation.donor = await this.getDonor();
         donation.runner = await this.getRunner();
 

src/models/actions/update/UpdateDonation.ts

@@ -1,4 +1,4 @@
-import { IsInt, IsPositive } from 'class-validator';
+import { IsInt, IsOptional, IsPositive } from 'class-validator';
 import { getConnection } from 'typeorm';
 import { DonorNotFoundError } from '../../../errors/DonorErrors';
 import { Donation } from '../../entities/Donation';
@@ -23,6 +23,13 @@ export abstract class UpdateDonation {
     @IsPositive()
     donor: number;
 
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    @IsOptional()
+    paidAmount?: number;
+
     /**
      * Creates a new Donation entity from this.
      */

src/models/actions/update/UpdateFixedDonation.ts

@@ -20,6 +20,7 @@ export class UpdateFixedDonation extends UpdateDonation {
      */
     public async update(donation: FixedDonation): Promise<FixedDonation> {
         donation.amount = this.amount;
+        donation.paidAmount = this.paidAmount;
         donation.donor = await this.getDonor();
 
         return donation;

src/models/actions/update/UpdateRunnerCardByCode.ts

@@ -0,0 +1,50 @@
+import { IsBoolean, IsInt, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import { getConnection } from 'typeorm';
+import { RunnerNotFoundError } from '../../../errors/RunnerErrors';
+import { Runner } from '../../entities/Runner';
+import { RunnerCard } from '../../entities/RunnerCard';
+
+/**
+ * This class is used to update a RunnerCard entity (via put request).
+ */
+export class UpdateRunnerCardByCode {
+    /**
+     * The card's code.
+     */
+    @IsString()
+    @IsNotEmpty()
+    code?: string;
+
+    /**
+     * The runner's id.
+     */
+    @IsInt()
+    @IsOptional()
+    runner?: number;
+
+    /**
+     * Is the updated card enabled (for fraud reasons)?
+     * Default: true
+     */
+    @IsBoolean()
+    enabled: boolean = true;
+
+    /**
+     * Creates a new RunnerCard entity from this.
+     */
+    public async update(card: RunnerCard): Promise<RunnerCard> {
+        card.enabled = this.enabled;
+        card.runner = await this.getRunner();
+
+        return card;
+    }
+
+    public async getRunner(): Promise<Runner> {
+        if (!this.runner) { return null; }
+        const runner = await getConnection().getRepository(Runner).findOne({ id: this.runner });
+        if (!runner) {
+            throw new RunnerNotFoundError();
+        }
+        return runner;
+    }
+}

src/models/actions/update/UpdateRunnerOrganization.ts

@@ -1,5 +1,4 @@
 import { IsBoolean, IsInt, IsObject, IsOptional } from 'class-validator';
-import * as uuid from 'uuid';
 import { Address } from '../../entities/Address';
 import { RunnerOrganization } from '../../entities/RunnerOrganization';
 import { CreateRunnerGroup } from '../create/CreateRunnerGroup';
@@ -42,7 +41,7 @@ export class UpdateRunnerOrganization extends CreateRunnerGroup {
         Address.validate(organization.address);
 
         if (this.registrationEnabled && !organization.key) {
-            organization.key = uuid.v4().toUpperCase();
+            organization.key = crypto.randomUUID().toUpperCase();
         }
         else {
             organization.key = null;

src/models/actions/update/UpdateUser.ts

@@ -1,12 +1,14 @@
-import * as argon2 from "argon2";
+import * as Bun from 'bun';
+import { passwordStrength } from "check-password-strength";
 import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../../config';
-import { UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
+import { PasswordMustContainLowercaseLetterError, PasswordMustContainNumberError, PasswordMustContainUppercaseLetterError, PasswordTooShortError, UserEmailNeededError, UsernameContainsIllegalCharacterError } from '../../../errors/UserErrors';
 import { UserGroupNotFoundError } from '../../../errors/UserGroupErrors';
 import { User } from '../../entities/User';
 import { UserGroup } from '../../entities/UserGroup';
 
+
 /**
  * This class is used to update a User entity (via put request).
  */
@@ -104,7 +106,12 @@ export class UpdateUser {
         if (this.username.includes("@")) { throw new UsernameContainsIllegalCharacterError(); }
 
         if (this.password) {
-            user.password = await argon2.hash(this.password + user.uuid);
+            let password_strength = passwordStrength(this.password);
+            if (!password_strength.contains.includes("uppercase")) { throw new PasswordMustContainUppercaseLetterError(); }
+            if (!password_strength.contains.includes("lowercase")) { throw new PasswordMustContainLowercaseLetterError(); }
+            if (!password_strength.contains.includes("number")) { throw new PasswordMustContainNumberError(); }
+            if (!(password_strength.length > 9)) { throw new PasswordTooShortError(); }
+            user.password = await Bun.password.hash(this.password + user.uuid);
             user.refreshTokenCount = user.refreshTokenCount + 1;
         }
 
@@ -117,7 +124,7 @@ export class UpdateUser {
         user.phone = this.phone;
         user.groups = await this.getGroups();
 
-        if (!this.profilePic) { user.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        if (!this.profilePic) { user.profilePic = `https://lauf-fuer-kaya.de/lfk-logo.png`; }
         else { user.profilePic = this.profilePic; }
 
         return user;

src/models/entities/ConfigFlags.ts

@@ -1,8 +1,10 @@
 import {
+    IsInt,
     IsNotEmpty,
+    IsPositive,
     IsString
 } from "class-validator";
-import { Column, Entity, PrimaryColumn } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, PrimaryColumn } from "typeorm";
 
 /**
  * Defines the ConfigFlag entity.
@@ -24,4 +26,25 @@ export class ConfigFlag {
     @IsString()
     @IsNotEmpty()
     value: string;
+
+    @Column({ type: 'bigint', nullable: true, readonly: true })
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @Column({ type: 'bigint', nullable: true })
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
+    @BeforeInsert()
+    public setCreatedAt() {
+        this.created_at = Math.floor(Date.now() / 1000);
+        this.updated_at = Math.floor(Date.now() / 1000);
+    }
+
+    @BeforeUpdate()
+    public setUpdatedAt() {
+        this.updated_at = Math.floor(Date.now() / 1000);
+    }
 }

src/models/entities/DistanceDonation.ts

@@ -1,22 +1,23 @@
 import { IsInt, IsNotEmpty, IsPositive } from "class-validator";
-import { ChildEntity, Column, ManyToOne } from "typeorm";
+import { ChildEntity, Column, Index, ManyToOne } from "typeorm";
 import { ResponseDistanceDonation } from '../responses/ResponseDistanceDonation';
 import { Donation } from "./Donation";
-import { Runner } from "./Runner";
+import type { Runner } from "./Runner";
 
 /**
  * Defines the DistanceDonation entity.
  * For distanceDonations a donor pledges to donate a certain amount for each kilometer ran by a runner.
-*/
+ */
 @ChildEntity()
+@Index(['runner'])
 export class DistanceDonation extends Donation {
   /**
    * The donation's associated runner.
    * Used as the source of the donation's distance.
    */
   @IsNotEmpty()
-  @ManyToOne(() => Runner, runner => runner.distanceDonations)
-  runner: Runner;
+  @ManyToOne(() => require("./Runner").Runner, (runner: Runner) => runner.distanceDonations)
+  runner!: Runner;
 
   /**
    * The donation's amount donated per distance.

src/models/entities/Donation.ts

@@ -1,18 +1,19 @@
 import {
   IsInt,
-  IsNotEmpty
+  IsPositive
 } from "class-validator";
-import { Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, Index, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { ResponseDonation } from '../responses/ResponseDonation';
-import { Donor } from './Donor';
+import type { Donor } from './Donor';
 
 /**
  * Defines the Donation entity.
  * A donation just associates a donor with a donation amount.
  * The specifics of the amoun's determination has to be implemented in child classes.
-*/
+ */
 @Entity()
 @TableInheritance({ column: { name: "type", type: "varchar" } })
+@Index(['donor'])
 export abstract class Donation {
   /**
    * Autogenerated unique id (primary key).
@@ -24,9 +25,8 @@ export abstract class Donation {
   /**
    * The donations's donor.
    */
-  @IsNotEmpty()
-  @ManyToOne(() => Donor, donor => donor.donations)
-  donor: Donor;
+  @ManyToOne(() => require("./Donor").Donor, (donor: Donor) => donor.donations)
+  donor!: Donor;
 
   /**
    * The donation's amount in cents (or whatever your currency's smallest unit is.).
@@ -34,6 +34,34 @@ export abstract class Donation {
    */
   public abstract get amount(): number;
 
+  /**
+   * The donation's paid amount in cents (or whatever your currency's smallest unit is.).
+   * Used to mark donations as paid.
+   */
+  @Column({ nullable: true })
+  @IsInt()
+  paidAmount: number;
+
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
 
   /**
    * Turns this entity into it's response class.

src/models/entities/Donor.ts

@@ -1,7 +1,7 @@
 import { IsBoolean, IsInt } from "class-validator";
 import { ChildEntity, Column, OneToMany } from "typeorm";
 import { ResponseDonor } from '../responses/ResponseDonor';
-import { Donation } from './Donation';
+import type { Donation } from './Donation';
 import { Participant } from "./Participant";
 
 /**
@@ -21,8 +21,8 @@ export class Donor extends Participant {
  * Used to link the participant as the donor of a donation.
  * Attention: Only runner's can be associated as a distanceDonations distance source.
  */
-  @OneToMany(() => Donation, donation => donation.donor, { nullable: true })
-  donations: Donation[];
+  @OneToMany(() => require("./Donation").Donation, (donation: Donation) => donation.donor, { nullable: true })
+  donations!: Donation[];
 
   /**
    * Returns the total donations of a donor based on his linked donations.
@@ -33,6 +33,15 @@ export class Donor extends Participant {
     return this.donations.reduce((sum, current) => sum + current.amount, 0);
   }
 
+  /**
+   * Returns the total paid donations of a donor based on his linked donations.
+  */
+  @IsInt()
+  public get paidDonationAmount(): number {
+    if (!this.donations) { return 0; }
+    return this.donations.reduce((sum, current) => sum + current.paidAmount, 0);
+  }
+
   /**
    * Turns this entity into it's response class.
    */

src/models/entities/GroupContact.ts

@@ -1,17 +1,19 @@
-import {
-  IsEmail,
-  IsInt,
-  IsNotEmpty,
-  IsOptional,
-  IsPhoneNumber,
-
-  IsString
-} from "class-validator";
-import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
-import { config } from '../../config';
-import { ResponseGroupContact } from '../responses/ResponseGroupContact';
-import { Address } from "./Address";
-import { RunnerGroup } from "./RunnerGroup";
+import {
+  IsEmail,
+  IsInt,
+  IsNotEmpty,
+  IsOptional,
+  IsPhoneNumber,
+
+  IsPositive,
+
+  IsString
+} from "class-validator";
+import { BeforeInsert, BeforeUpdate, Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
+import { config } from '../../config';
+import { ResponseGroupContact } from '../responses/ResponseGroupContact';
+import { Address } from "./Address";
+import type { RunnerGroup } from "./RunnerGroup";
 
 /**
  * Defines the GroupContact entity.
@@ -75,11 +77,32 @@ export class GroupContact {
   @IsEmail()
   email?: string;
 
-  /**
-    * Used to link contacts to groups.
-    */
-  @OneToMany(() => RunnerGroup, group => group.contact, { nullable: true })
-  groups: RunnerGroup[];
+  /**
+    * Used to link contacts to groups.
+    */
+  @OneToMany(() => require("./RunnerGroup").RunnerGroup, (group: RunnerGroup) => group.contact, { nullable: true })
+  groups!: RunnerGroup[];
+
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
 
   /**
    * Turns this entity into it's response class.

src/models/entities/Participant.ts

@@ -5,20 +5,23 @@ import {
   IsOptional,
   IsPhoneNumber,
 
+  IsPositive,
+
   IsString
 } from "class-validator";
-import { Column, Entity, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, Index, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { config } from '../../config';
 import { ResponseParticipant } from '../responses/ResponseParticipant';
 import { Address } from "./Address";
 
-/**
- * Defines the Participant entity.
- * Participans can donate and therefor be associated with donation entities.
-*/
-@Entity()
-@TableInheritance({ column: { name: "type", type: "varchar" } })
-export abstract class Participant {
+/**
+ * Defines the Participant entity.
+ * Participans can donate and therefor be associated with donation entities.
+ */
+@Entity()
+@TableInheritance({ column: { name: "type", type: "varchar" } })
+@Index(['email'])
+export abstract class Participant {
   /**
    * Autogenerated unique id (primary key).
    */
@@ -75,6 +78,35 @@ export abstract class Participant {
   @IsEmail()
   email?: string;
 
+  /**
+   * how the participant got into the system
+   */
+  @Column({ nullable: true, default: "backend" })
+  @IsOptional()
+  @IsString()
+  created_via?: string;
+
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
   /**
    * Turns this entity into it's response class.
    */

src/models/entities/Permission.ts

@@ -1,13 +1,14 @@
 import {
   IsEnum,
   IsInt,
-  IsNotEmpty
+  IsNotEmpty,
+  IsPositive
 } from "class-validator";
-import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
 import { PermissionAction } from '../enums/PermissionAction';
 import { PermissionTarget } from '../enums/PermissionTargets';
 import { ResponsePermission } from '../responses/ResponsePermission';
-import { Principal } from './Principal';
+import type { Principal } from './Principal';
 /**
  * Defines the Permission entity.
  * Permissions can be granted to principals.
@@ -25,8 +26,8 @@ export class Permission {
   /**
    * The permission's principal.
    */
-  @ManyToOne(() => Principal, principal => principal.permissions)
-  principal: Principal;
+  @ManyToOne(() => require("./Principal").Principal, (principal: Principal) => principal.permissions)
+  principal!: Principal;
 
   /**
    * The permission's target.
@@ -45,6 +46,27 @@ export class Permission {
   @IsEnum(PermissionAction)
   action: PermissionAction;
 
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
   /**
    * Turn this into a string for exporting and jwts.
    * Mainly used to shrink the size of jwts (otherwise the would contain entire objects).

src/models/entities/Principal.ts

@@ -1,7 +1,7 @@
-import { IsInt } from 'class-validator';
-import { Entity, OneToMany, PrimaryGeneratedColumn, TableInheritance } from 'typeorm';
+import { IsInt, IsPositive } from 'class-validator';
+import { BeforeInsert, BeforeUpdate, Column, Entity, OneToMany, PrimaryGeneratedColumn, TableInheritance } from 'typeorm';
 import { ResponsePrincipal } from '../responses/ResponsePrincipal';
-import { Permission } from './Permission';
+import type { Permission } from './Permission';
 
 /**
  * Defines the principal entity.
@@ -20,8 +20,29 @@ export abstract class Principal {
   /**
   * The participant's permissions.
   */
-  @OneToMany(() => Permission, permission => permission.principal, { nullable: true })
-  permissions: Permission[];
+  @OneToMany(() => require("./Permission").Permission, (permission: Permission) => permission.principal, { nullable: true })
+  permissions!: Permission[];
+
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
 
   /**
    * Turns this entity into it's response class.

src/models/entities/Runner.ts

@@ -1,18 +1,19 @@
 import { IsInt, IsNotEmpty, IsOptional, IsString } from "class-validator";
-import { ChildEntity, Column, ManyToOne, OneToMany } from "typeorm";
+import { ChildEntity, Column, Index, ManyToOne, OneToMany } from "typeorm";
 import { ResponseRunner } from '../responses/ResponseRunner';
-import { DistanceDonation } from "./DistanceDonation";
+import type { DistanceDonation } from "./DistanceDonation";
 import { Participant } from "./Participant";
-import { RunnerCard } from "./RunnerCard";
+import type { RunnerCard } from "./RunnerCard";
 import { RunnerGroup } from "./RunnerGroup";
-import { Scan } from "./Scan";
+import type { Scan } from "./Scan";
 
 /**
  * Defines the runner entity.
  * Runners differ from participants in being able to actually accumulate a ran distance through scans.
  * Runner's get organized in groups.
-*/
+ */
 @ChildEntity()
+@Index(['group'])
 export class Runner extends Participant {
   /**
    * The runner's associated group.
@@ -26,22 +27,22 @@ export class Runner extends Participant {
    * The runner's associated distanceDonations.
    * Used to link runners to distanceDonations in order to calculate the donation's amount based on the distance the runner ran.
    */
-  @OneToMany(() => DistanceDonation, distanceDonation => distanceDonation.runner, { nullable: true })
-  distanceDonations: DistanceDonation[];
+  @OneToMany(() => require("./DistanceDonation").DistanceDonation, (distanceDonation: DistanceDonation) => distanceDonation.runner, { nullable: true })
+  distanceDonations!: DistanceDonation[];
 
   /**
    * The runner's associated cards.
    * Used to link runners to cards - yes a runner be associated with multiple cards this came in handy in the past.
    */
-  @OneToMany(() => RunnerCard, card => card.runner, { nullable: true })
-  cards: RunnerCard[];
+  @OneToMany(() => require("./RunnerCard").RunnerCard, (card: RunnerCard) => card.runner, { nullable: true })
+  cards!: RunnerCard[];
 
   /**
    * The runner's associated scans.
    * Used to link runners to scans (valid and fraudulant).
    */
-  @OneToMany(() => Scan, scan => scan.runner, { nullable: true })
-  scans: Scan[];
+  @OneToMany(() => require("./Scan").Scan, (scan: Scan) => scan.runner, { nullable: true })
+  scans!: Scan[];
 
   /**
   * The last time the runner requested a selfservice link.
@@ -57,7 +58,10 @@ export class Runner extends Participant {
    * This is implemented here to avoid duplicate code in other files.
    */
   public get validScans(): Scan[] {
-    return this.scans.filter(scan => scan.valid == true);
+    if (this.scans) {
+      return this.scans.filter(scan => scan.valid == true);
+    }
+    return []
   }
 
   /**
@@ -81,6 +85,6 @@ export class Runner extends Participant {
    * Turns this entity into it's response class.
    */
   public toResponse(): ResponseRunner {
-    return new ResponseRunner(this);
+    return new ResponseRunner(this, true);
   }
 }

src/models/entities/RunnerCard.ts

@@ -3,20 +3,23 @@ import {
 
   IsInt,
 
-  IsOptional
+  IsOptional,
+  IsPositive
 } from "class-validator";
-import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, Index, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
 import { RunnerCardIdOutOfRangeError } from '../../errors/RunnerCardErrors';
 import { ResponseRunnerCard } from '../responses/ResponseRunnerCard';
-import { Runner } from "./Runner";
-import { TrackScan } from "./TrackScan";
+import type { Runner } from "./Runner";
+import type { TrackScan } from "./TrackScan";
 
 /**
  * Defines the RunnerCard entity.
  * A runnerCard is a physical representation for a runner.
  * It can be associated with a runner to create scans via the scan station's.
-*/
+ */
 @Entity()
+@Index(['runner'])
+@Index(['enabled'])
 export class RunnerCard {
   /**
    * Autogenerated unique id (primary key).
@@ -30,8 +33,8 @@ export class RunnerCard {
    * To increase reusability a card can be reassigned.
    */
   @IsOptional()
-  @ManyToOne(() => Runner, runner => runner.cards, { nullable: true })
-  runner: Runner;
+  @ManyToOne(() => require("./Runner").Runner, (runner: Runner) => runner.cards, { nullable: true })
+  runner!: Runner;
 
   /**
    * Is the card enabled (for fraud reasons)?
@@ -45,20 +48,35 @@ export class RunnerCard {
    * The card's associated scans.
    * Used to link cards to track scans.
    */
-  @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
-  scans: TrackScan[];
+  @OneToMany(() => require("./TrackScan").TrackScan, (scan: TrackScan) => scan.card, { nullable: true })
+  scans!: TrackScan[];
+
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
 
   /**
    * Generates a ean-13 compliant string for barcode generation.
    */
   public get code(): string {
-    const multiply = [1, 3];
-    let total = 0;
-    this.paddedId.split('').forEach((letter, index) => {
-      total += parseInt(letter, 10) * multiply[index % 2];
-    });
-    const checkSum = (Math.ceil(total / 10) * 10) - total;
-    return this.paddedId + checkSum.toString();
+    return this.paddedId
   }
 
   /**
@@ -67,10 +85,11 @@ export class RunnerCard {
   private get paddedId(): string {
     let id: string = this.id.toString();
 
-    if (id.length > 12) {
+    if (id.length > 11) {
       throw new RunnerCardIdOutOfRangeError();
     }
-    while (id.length < 12) { id = '0' + id; }
+    while (id.length < 11) { id = '0' + id; }
+    id = '2' + id;
 
     return id;
   }

src/models/entities/RunnerGroup.ts

@@ -2,12 +2,13 @@ import {
   IsInt,
   IsNotEmpty,
   IsOptional,
+  IsPositive,
   IsString
 } from "class-validator";
-import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { ResponseRunnerGroup } from '../responses/ResponseRunnerGroup';
 import { GroupContact } from "./GroupContact";
-import { Runner } from "./Runner";
+import type { Runner } from "./Runner";
 
 /**
  * Defines the RunnerGroup entity.
@@ -43,14 +44,38 @@ export abstract class RunnerGroup {
    * The group's associated runners.
    * Used to link runners to a runner group.
    */
-  @OneToMany(() => Runner, runner => runner.group, { nullable: true })
-  runners: Runner[];
+  @OneToMany(() => require("./Runner").Runner, (runner: Runner) => runner.group, { nullable: true })
+  runners!: Runner[];
+
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
 
   /**
    * Returns the total distance ran by this group's runners based on all their valid scans.
   */
   @IsInt()
   public get distance(): number {
+    if (!this.runners || this.runners.length == 0) {
+      return 0;
+    }
     return this.runners.reduce((sum, current) => sum + current.distance, 0);
   }
 

src/models/entities/RunnerOrganization.ts

@@ -4,7 +4,7 @@ import { ResponseRunnerOrganization } from '../responses/ResponseRunnerOrganizat
 import { Address } from './Address';
 import { Runner } from './Runner';
 import { RunnerGroup } from "./RunnerGroup";
-import { RunnerTeam } from "./RunnerTeam";
+import type { RunnerTeam } from "./RunnerTeam";
 
 /**
  * Defines the RunnerOrganization entity.
@@ -24,8 +24,8 @@ export class RunnerOrganization extends RunnerGroup {
    * The organization's teams.
    * Used to link teams to a organization.
    */
-  @OneToMany(() => RunnerTeam, team => team.parentGroup, { nullable: true })
-  teams: RunnerTeam[];
+  @OneToMany(() => require("./RunnerTeam").RunnerTeam, (team: RunnerTeam) => team.parentGroup, { nullable: true })
+  teams!: RunnerTeam[];
 
   /**
    * The organization's api key for self-service registration.

src/models/entities/RunnerTeam.ts

@@ -1,14 +1,15 @@
 import { IsNotEmpty } from "class-validator";
-import { ChildEntity, ManyToOne } from "typeorm";
+import { ChildEntity, Index, ManyToOne } from "typeorm";
 import { ResponseRunnerTeam } from '../responses/ResponseRunnerTeam';
 import { RunnerGroup } from "./RunnerGroup";
-import { RunnerOrganization } from "./RunnerOrganization";
+import type { RunnerOrganization } from "./RunnerOrganization";
 
 /**
  * Defines the RunnerTeam entity.
  * This usually is a school class or department in a company.
-*/
+ */
 @ChildEntity()
+@Index(['parentGroup'])
 export class RunnerTeam extends RunnerGroup {
 
   /**
@@ -16,7 +17,7 @@ export class RunnerTeam extends RunnerGroup {
    * Every team has to be part of a runnerOrganization - this get's checked on creation and update.
    */
   @IsNotEmpty()
-  @ManyToOne(() => RunnerOrganization, org => org.teams, { nullable: true })
+  @ManyToOne(() => require("./RunnerOrganization").RunnerOrganization, (org: RunnerOrganization) => org.teams, { nullable: true })
   parentGroup?: RunnerOrganization;
 
   /**

src/models/entities/Scan.ts

@@ -5,16 +5,19 @@ import {
 
   IsPositive
 } from "class-validator";
-import { Column, Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, Index, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { ResponseScan } from '../responses/ResponseScan';
-import { Runner } from "./Runner";
+import type { Runner } from "./Runner";
 
 /**
  * Defines the Scan entity.
  * A scan basicly adds a certain distance to a runner's total ran distance.
-*/
+ */
 @Entity()
 @TableInheritance({ column: { name: "type", type: "varchar" } })
+@Index(['runner'])
+@Index(['runner', 'created_at'])
+@Index(['valid'])
 export class Scan {
   /**
    * Autogenerated unique id (primary key).
@@ -28,8 +31,8 @@ export class Scan {
    * This is important to link ran distances to runners.
    */
   @IsNotEmpty()
-  @ManyToOne(() => Runner, runner => runner.scans, { nullable: false })
-  runner: Runner;
+  @ManyToOne(() => require("./Runner").Runner, (runner: Runner) => runner.scans, { nullable: false })
+  runner!: Runner;
 
   /**
    * Is the scan valid (for fraud reasons).
@@ -40,6 +43,27 @@ export class Scan {
   @IsBoolean()
   valid: boolean = true;
 
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
   /**
    * The scan's distance in meters.
    * This is the "real" value used by "normal" scans..

src/models/entities/ScanStation.ts

@@ -3,18 +3,22 @@ import {
   IsInt,
   IsNotEmpty,
   IsOptional,
+  IsPositive,
   IsString
 } from "class-validator";
-import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, Index, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
 import { ResponseScanStation } from '../responses/ResponseScanStation';
-import { Track } from "./Track";
-import { TrackScan } from "./TrackScan";
+import type { Track } from "./Track";
+import type { TrackScan } from "./TrackScan";
 
 /**
  * Defines the ScanStation entity.
  * ScanStations get used to create TrackScans for runners based on a scan of their runnerCard.
-*/
+ */
 @Entity()
+@Index(['track'])
+@Index(['prefix'])
+@Index(['enabled'])
 export class ScanStation {
   /**
    * Autogenerated unique id (primary key).
@@ -37,8 +41,8 @@ export class ScanStation {
    * All scans created by this station will also be associated with this track.
    */
   @IsNotEmpty()
-  @ManyToOne(() => Track, track => track.stations, { nullable: false })
-  track: Track;
+  @ManyToOne(() => require("./Track").Track, (track: Track) => track.stations, { nullable: false })
+  track!: Track;
 
   /**
    * The client's api key prefix.
@@ -68,8 +72,8 @@ export class ScanStation {
   /**
    * Used to link track scans to a scan station.
    */
-  @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
-  scans: TrackScan[];
+  @OneToMany(() => require("./TrackScan").TrackScan, (scan: TrackScan) => scan.station, { nullable: true })
+  scans!: TrackScan[];
 
   /**
   * Is this station enabled?
@@ -78,6 +82,27 @@ export class ScanStation {
   @IsBoolean()
   enabled?: boolean = true;
 
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
   /**
    * Turns this entity into it's response class.
    */

src/models/entities/StatsClient.ts

@@ -1,5 +1,5 @@
-import { IsInt, IsOptional, IsString } from "class-validator";
-import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+import { IsInt, IsOptional, IsPositive, IsString } from "class-validator";
+import { BeforeInsert, BeforeUpdate, Column, Entity, PrimaryGeneratedColumn } from "typeorm";
 import { ResponseStatsClient } from '../responses/ResponseStatsClient';
 /**
  * Defines the StatsClient entity.
@@ -47,6 +47,27 @@ export class StatsClient {
     @IsOptional()
     cleartextkey?: string;
 
+    @Column({ type: 'bigint', nullable: true, readonly: true })
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @Column({ type: 'bigint', nullable: true })
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
+    @BeforeInsert()
+    public setCreatedAt() {
+        this.created_at = Math.floor(Date.now() / 1000);
+        this.updated_at = Math.floor(Date.now() / 1000);
+    }
+
+    @BeforeUpdate()
+    public setUpdatedAt() {
+        this.updated_at = Math.floor(Date.now() / 1000);
+    }
+
     /**
    * Turns this entity into it's response class.
    */

src/models/entities/Track.ts

@@ -5,10 +5,10 @@ import {
   IsPositive,
   IsString
 } from "class-validator";
-import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
 import { ResponseTrack } from '../responses/ResponseTrack';
-import { ScanStation } from "./ScanStation";
-import { TrackScan } from "./TrackScan";
+import type { ScanStation } from "./ScanStation";
+import type { TrackScan } from "./TrackScan";
 
 /**
  * Defines the Track entity.
@@ -53,15 +53,36 @@ export class Track {
    * Used to link scan stations to a certain track.
    * This makes the configuration of the scan stations easier.
    */
-  @OneToMany(() => ScanStation, station => station.track, { nullable: true })
-  stations: ScanStation[];
+  @OneToMany(() => require("./ScanStation").ScanStation, (station: ScanStation) => station.track, { nullable: true })
+  stations!: ScanStation[];
 
   /**
    * Used to link track scans to a track.
    * The scan will derive it's distance from the track's distance.
    */
-  @OneToMany(() => TrackScan, scan => scan.track, { nullable: true })
-  scans: TrackScan[];
+  @OneToMany(() => require("./TrackScan").TrackScan, (scan: TrackScan) => scan.track, { nullable: true })
+  scans!: TrackScan[];
+
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
 
   /**
    * Turns this entity into it's response class.

src/models/entities/TrackScan.ts

@@ -6,42 +6,47 @@ import {
 
   IsPositive
 } from "class-validator";
-import { ChildEntity, Column, ManyToOne } from "typeorm";
+import { ChildEntity, Column, Index, ManyToOne } from "typeorm";
 import { ResponseTrackScan } from '../responses/ResponseTrackScan';
-import { RunnerCard } from "./RunnerCard";
+import type { RunnerCard } from "./RunnerCard";
 import { Scan } from "./Scan";
-import { ScanStation } from "./ScanStation";
-import { Track } from "./Track";
+import type { ScanStation } from "./ScanStation";
+import type { Track } from "./Track";
 
 /**
  * Defines the TrackScan entity.
  * A track scan usaually get's generated by a scan station.
-*/
+ */
 @ChildEntity()
+@Index(['track'])
+@Index(['card'])
+@Index(['station'])
+@Index(['timestamp'])
+@Index(['station', 'timestamp'])
 export class TrackScan extends Scan {
   /**
    * The scan's associated track.
    * This is used to determine the scan's distance.
    */
   @IsNotEmpty()
-  @ManyToOne(() => Track, track => track.scans, { nullable: true })
-  track: Track;
+  @ManyToOne(() => require("./Track").Track, (track: Track) => track.scans, { nullable: true })
+  track!: Track;
 
   /**
    * The runnerCard associated with the scan.
    * This get's saved for documentation and management purposes.
    */
   @IsNotEmpty()
-  @ManyToOne(() => RunnerCard, card => card.scans, { nullable: true })
-  card: RunnerCard;
+  @ManyToOne(() => require("./RunnerCard").RunnerCard, (card: RunnerCard) => card.scans, { nullable: true })
+  card!: RunnerCard;
 
   /**
    * The scanning station that created the scan.
    * Mainly used for logging and traceing back scans (or errors)
    */
   @IsNotEmpty()
-  @ManyToOne(() => ScanStation, station => station.scans, { nullable: true })
-  station: ScanStation;
+  @ManyToOne(() => require("./ScanStation").ScanStation, (station: ScanStation) => station.scans, { nullable: true })
+  station!: ScanStation;
 
   /**
    * The scan's distance in meters.

src/models/entities/User.ts

@@ -1,19 +1,20 @@
-import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl, IsUUID } from "class-validator";
-import { ChildEntity, Column, JoinTable, ManyToMany, OneToMany } from "typeorm";
-import { config } from '../../config';
-import { ResponsePrincipal } from '../responses/ResponsePrincipal';
-import { ResponseUser } from '../responses/ResponseUser';
-import { Permission } from './Permission';
-import { Principal } from './Principal';
-import { UserAction } from './UserAction';
-import { UserGroup } from './UserGroup';
+import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl, IsUUID } from "class-validator";
+import { ChildEntity, Column, Index, JoinTable, ManyToMany, OneToMany } from "typeorm";
+import { config } from '../../config';
+import { ResponsePrincipal } from '../responses/ResponsePrincipal';
+import { ResponseUser } from '../responses/ResponseUser';
+import { Permission } from './Permission';
+import { Principal } from './Principal';
+import type { UserAction } from './UserAction';
+import { UserGroup } from './UserGroup';
 
-/**
- * Defines the User entity.
- * Users are the ones that can use the "admin" webui and do stuff in the backend.
-*/
-@ChildEntity()
-export class User extends Principal {
+/**
+ * Defines the User entity.
+ * Users are the ones that can use the "admin" webui and do stuff in the backend.
+ */
+@ChildEntity()
+@Index(['enabled'])
+export class User extends Principal {
   /**
   * The user's uuid.
   * Mainly gets used as a per-user salt for the password hash.
@@ -124,11 +125,11 @@ export class User extends Principal {
 
   /**
    * The actions performed by this user.
-   * For documentation purposes only, will be implemented later.
-   */
-  @IsOptional()
-  @OneToMany(() => UserAction, action => action.user, { nullable: true })
-  actions: UserAction[]
+   * For documentation purposes only, will be implemented later.
+   */
+  @IsOptional()
+  @OneToMany(() => require("./UserAction").UserAction, (action: UserAction) => action.user, { nullable: true })
+  actions!: UserAction[]
 
   /**
    * Resolves all permissions granted to this user through groups.

src/models/entities/UserAction.ts

@@ -3,11 +3,12 @@ import {
   IsInt,
   IsNotEmpty,
   IsOptional,
+  IsPositive,
   IsString
 } from "class-validator";
-import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
+import { BeforeInsert, BeforeUpdate, Column, Entity, ManyToOne, PrimaryGeneratedColumn } from "typeorm";
 import { PermissionAction } from '../enums/PermissionAction';
-import { User } from './User';
+import type { User } from './User';
 
 /**
  * Defines the UserAction entity.
@@ -25,8 +26,8 @@ export class UserAction {
   /**
    * The user that performed the action.
    */
-  @ManyToOne(() => User, user => user.actions)
-  user: User
+  @ManyToOne(() => require("./User").User, (user: User) => user.actions)
+  user!: User
 
   /**
    * The actions's target (e.g. Track#2)
@@ -53,6 +54,27 @@ export class UserAction {
   @IsString()
   changed: string;
 
+  @Column({ type: 'bigint', nullable: true, readonly: true })
+  @IsInt()
+  @IsPositive()
+  created_at: number;
+
+  @Column({ type: 'bigint', nullable: true })
+  @IsInt()
+  @IsPositive()
+  updated_at: number;
+
+  @BeforeInsert()
+  public setCreatedAt() {
+    this.created_at = Math.floor(Date.now() / 1000);
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
+  @BeforeUpdate()
+  public setUpdatedAt() {
+    this.updated_at = Math.floor(Date.now() / 1000);
+  }
+
   /**
    * Turns this entity into it's response class.
    */

src/models/entities/index.ts

@@ -0,0 +1,35 @@
+/**
+ * Entity barrel file for Bun compatibility.
+ * Imports all entities in the correct order to resolve circular dependencies.
+ */
+
+// Base/parent entities first
+export * from './Participant';
+export * from './Donation';
+export * from './Scan';
+
+// Child entities that depend on the above
+export * from './Runner';
+export * from './DistanceDonation';
+export * from './FixedDonation';
+export * from './TrackScan';
+
+// Entities with cross-references
+export * from './RunnerCard';
+export * from './RunnerGroup';
+export * from './RunnerOrganization';
+export * from './RunnerTeam';
+export * from './ScanStation';
+export * from './Track';
+
+// Independent entities
+export * from './Address';
+export * from './ConfigFlags';
+export * from './Donor';
+export * from './GroupContact';
+export * from './Permission';
+export * from './Principal';
+export * from './StatsClient';
+export * from './User';
+export * from './UserAction';
+export * from './UserGroup';

src/models/enums/DonationStatus.ts

@@ -0,0 +1,7 @@
+/**
+ * This enum contains all status a donation can inherit regarding it's payment status.
+ */
+export enum DonationStatus {
+    OPEN = 'OPEN',
+    PAID = 'PAID'
+}

src/models/enums/ResponseObjectType.ts

@@ -35,4 +35,5 @@ export enum ResponseObjectType {
     USER = 'USER',
     USERGROUP = 'USERGROUP',
     USERPERMISSIONS = 'USERPERMISSIONS',
+    SELFSERVICEDONOR = 'SELFSERVICEDONOR'
 }

src/models/responses/ResponseAnonymousDonation.ts

@@ -0,0 +1,68 @@
+import { IsInt, IsPositive } from "class-validator";
+import { Donation } from '../entities/Donation';
+import { DonationStatus } from '../enums/DonationStatus';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+
+/**
+ * Defines the donation response.
+*/
+export class ResponseAnonymousDonation implements IResponse {
+
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.DONATION;
+
+    /**
+    * The donation's payment status.
+    * Provides you with a quick indicator of it's payment status.
+    */
+    status: DonationStatus;
+
+    /**
+     * The donation's id.
+     */
+    @IsInt()
+    @IsPositive()
+    id: number;
+
+    /**
+     * The donation's amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    amount: number;
+
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    paidAmount: number;
+
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
+    /**
+     * Creates a ResponseDonation object from a scan.
+     * @param donation The donation the response shall be build for.
+     */
+    public constructor(donation: Donation) {
+        this.id = donation.id;
+        this.amount = donation.amount;
+        this.paidAmount = donation.paidAmount || 0;
+        if (this.paidAmount < this.amount) {
+            this.status = DonationStatus.OPEN;
+        }
+        else {
+            this.status = DonationStatus.PAID;
+        }
+        this.created_at = donation.created_at;
+        this.updated_at = donation.updated_at;
+    }
+}

src/models/responses/ResponseDonation.ts

@@ -1,8 +1,9 @@
 import { IsInt, IsNotEmpty, IsPositive } from "class-validator";
 import { Donation } from '../entities/Donation';
+import { DonationStatus } from '../enums/DonationStatus';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
-import { ResponseDonor } from './ResponseDonor';
+import type { ResponseDonor } from './ResponseDonor';
 
 /**
  * Defines the donation response.
@@ -15,6 +16,12 @@ export class ResponseDonation implements IResponse {
     */
     responseType: ResponseObjectType = ResponseObjectType.DONATION;
 
+    /**
+    * The donation's payment status.
+    * Provides you with a quick indicator of it's payment status.
+    */
+    status: DonationStatus;
+
     /**
      * The donation's id.
      */
@@ -26,7 +33,7 @@ export class ResponseDonation implements IResponse {
      * The donation's donor.
      */
     @IsNotEmpty()
-    donor: ResponseDonor;
+    donor?: ResponseDonor;
 
     /**
      * The donation's amount in the smalles unit of your currency (default: euro cent).
@@ -34,13 +41,38 @@ export class ResponseDonation implements IResponse {
     @IsInt()
     amount: number;
 
+    /**
+     * The donation's paid amount in the smalles unit of your currency (default: euro cent).
+     */
+    @IsInt()
+    paidAmount: number;
+
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
     /**
      * Creates a ResponseDonation object from a scan.
      * @param donation The donation the response shall be build for.
      */
     public constructor(donation: Donation) {
         this.id = donation.id;
-        this.donor = donation.donor.toResponse();
+        if (donation.donor) {
+            this.donor = donation.donor.toResponse();
+        }
         this.amount = donation.amount;
+        this.paidAmount = donation.paidAmount || 0;
+        if (this.paidAmount < this.amount) {
+            this.status = DonationStatus.OPEN;
+        }
+        else {
+            this.status = DonationStatus.PAID;
+        }
+        this.created_at = donation.created_at;
+        this.updated_at = donation.updated_at;
     }
 }

src/models/responses/ResponseDonor.ts

@@ -4,6 +4,7 @@ import {
 import { Donor } from '../entities/Donor';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
+import type { ResponseDonation } from './ResponseDonation';
 import { ResponseParticipant } from './ResponseParticipant';
 
 /**
@@ -28,6 +29,14 @@ export class ResponseDonor extends ResponseParticipant implements IResponse {
     @IsInt()
     donationAmount: number;
 
+    /**
+    * Returns the total paid donations of a donor based on his linked donations.
+    */
+    @IsInt()
+    paidDonationAmount: number;
+
+    donations?: Array<ResponseDonation>;
+
     /**
      * Creates a ResponseRunner object from a runner.
      * @param runner The user the response shall be build for.
@@ -36,5 +45,13 @@ export class ResponseDonor extends ResponseParticipant implements IResponse {
         super(donor);
         this.receiptNeeded = donor.receiptNeeded;
         this.donationAmount = donor.donationAmount;
+        this.paidDonationAmount = donor.paidDonationAmount;
+        const ResponseDonation = require('./ResponseDonation').ResponseDonation;
+        this.donations = new Array<ResponseDonation>();
+        if (donor.donations?.length > 0) {
+            for (const donation of donor.donations) {
+                this.donations.push(donation.toResponse())
+            }
+        }
     }
 }

src/models/responses/ResponseGroupContact.ts

@@ -1,4 +1,4 @@
-import { IsInt, IsObject, IsString } from "class-validator";
+import { IsInt, IsObject, IsPositive, IsString } from "class-validator";
 import { Address } from '../entities/Address';
 import { GroupContact } from '../entities/GroupContact';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
@@ -64,6 +64,14 @@ export class ResponseGroupContact implements IResponse {
     @IsObject()
     address?: Address;
 
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
     /**
      * Creates a ResponseGroupContact object from a contact.
      * @param contact The contact the response shall be build for.
@@ -82,5 +90,7 @@ export class ResponseGroupContact implements IResponse {
                 this.groups.push(group.toResponse());
             }
         }
+        this.created_at = contact.created_at;
+        this.updated_at = contact.updated_at;
     }
 }

src/models/responses/ResponseParticipant.ts

@@ -1,4 +1,4 @@
-import { IsInt, IsObject, IsOptional, IsString } from "class-validator";
+import { IsInt, IsObject, IsOptional, IsPositive, IsString } from "class-validator";
 import { Address } from '../entities/Address';
 import { Participant } from '../entities/Participant';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
@@ -50,6 +50,12 @@ export abstract class ResponseParticipant implements IResponse {
     @IsString()
     email?: string;
 
+    /**
+     * how the participant got into the system
+     */
+    @IsString()
+    created_via?: string;
+
     /**
      * The participant's address.
      */
@@ -57,6 +63,14 @@ export abstract class ResponseParticipant implements IResponse {
     @IsObject()
     address?: Address;
 
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
     /**
      * Creates a ResponseParticipant object from a participant.
      * @param participant The participant the response shall be build for.
@@ -64,10 +78,13 @@ export abstract class ResponseParticipant implements IResponse {
     public constructor(participant: Participant) {
         this.id = participant.id;
         this.firstname = participant.firstname;
+        this.created_via = participant.created_via;
         this.middlename = participant.middlename;
         this.lastname = participant.lastname;
         this.phone = participant.phone;
         this.email = participant.email;
         this.address = participant.address;
+        this.created_at = participant.created_at;
+        this.updated_at = participant.updated_at;
     }
 }

src/models/responses/ResponsePermission.ts

@@ -2,7 +2,8 @@ import {
     IsEnum,
     IsInt,
     IsNotEmpty,
-    IsObject
+    IsObject,
+    IsPositive
 } from "class-validator";
 import { Permission } from '../entities/Permission';
 import { PermissionAction } from '../enums/PermissionAction';
@@ -48,6 +49,14 @@ export class ResponsePermission implements IResponse {
     @IsEnum(PermissionAction)
     action: PermissionAction;
 
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
     /**
      * Creates a ResponsePermission object from a permission.
      * @param permission The permission the response shall be build for.
@@ -57,5 +66,7 @@ export class ResponsePermission implements IResponse {
         this.principal = permission.principal.toResponse();
         this.target = permission.target;
         this.action = permission.action;
+        this.created_at = permission.created_at;
+        this.updated_at = permission.updated_at;
     }
 }

src/models/responses/ResponsePrincipal.ts

@@ -1,5 +1,6 @@
 import {
-    IsInt
+    IsInt,
+    IsPositive
 } from "class-validator";
 import { Principal } from '../entities/Principal';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
@@ -22,11 +23,21 @@ export abstract class ResponsePrincipal implements IResponse {
     @IsInt()
     id: number;
 
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
     /**
      * Creates a ResponsePrincipal object from a principal.
      * @param principal The principal the response shall be build for.
      */
     public constructor(principal: Principal) {
         this.id = principal.id;
+        this.created_at = principal.created_at;
+        this.updated_at = principal.updated_at;
     }
 }

src/models/responses/ResponseRunner.ts

@@ -1,7 +1,10 @@
 import {
     IsInt,
-    IsObject
+    IsObject,
+    IsOptional,
+    IsString
 } from "class-validator";
+import { JwtCreator } from '../../jwtcreator';
 import { Runner } from '../entities/Runner';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
@@ -24,20 +27,43 @@ export class ResponseRunner extends ResponseParticipant implements IResponse {
     @IsInt()
     distance: number;
 
+    /**
+     * The runner's current donation amount based on distance.
+     * Only available for queries for single runners.
+     */
+    @IsInt()
+    donationAmount: number;
+
     /**
      * The runner's group.
      */
     @IsObject()
     group: ResponseRunnerGroup;
 
+    /**
+     * A selfservice link for our new runner.
+     */
+    @IsOptional()
+    @IsString()
+    selfserviceLink: string;
+
     /**
      * Creates a ResponseRunner object from a runner.
      * @param runner The user the response shall be build for.
      */
-    public constructor(runner: Runner) {
+    public constructor(runner: Runner, generateSelfServiceLink: boolean = false) {
         super(runner);
         if (!runner.scans) { this.distance = 0 }
         else { this.distance = runner.validScans.reduce((sum, current) => sum + current.distance, 0); }
         if (runner.group) { this.group = runner.group.toResponse(); }
+
+        if (runner.distanceDonations) {
+            this.donationAmount = runner.distanceDonations.reduce((sum, current) => sum + (current.amountPerDistance * runner.distance / 1000), 0);
+        }
+
+        if (generateSelfServiceLink) {
+            const token = JwtCreator.createSelfService(runner);
+            this.selfserviceLink = `${process.env.SELFSERVICE_URL}/profile/${token}`;
+        }
     }
 }

src/models/responses/ResponseRunnerCard.ts

@@ -1,4 +1,4 @@
-import { IsBoolean, IsEAN, IsInt, IsNotEmpty, IsObject, IsString } from "class-validator";
+import { IsBoolean, IsEAN, IsInt, IsNotEmpty, IsObject, IsPositive, IsString } from "class-validator";
 import { RunnerCard } from '../entities/RunnerCard';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
@@ -42,6 +42,14 @@ export class ResponseRunnerCard implements IResponse {
     @IsBoolean()
     enabled: boolean = true;
 
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
     /**
      * Creates a ResponseRunnerCard object from a runner card.
      * @param card The card the response shall be build for.
@@ -57,5 +65,7 @@ export class ResponseRunnerCard implements IResponse {
         }
 
         this.enabled = card.enabled;
+        this.created_at = card.created_at;
+        this.updated_at = card.updated_at;
     }
 }

src/models/responses/ResponseRunnerGroup.ts

@@ -1,4 +1,4 @@
-import { IsInt, IsNotEmpty, IsObject, IsOptional, IsString } from "class-validator";
+import { IsInt, IsNotEmpty, IsNumber, IsObject, IsOptional, IsPositive, IsString } from "class-validator";
 import { RunnerGroup } from '../entities/RunnerGroup';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
@@ -36,6 +36,18 @@ export abstract class ResponseRunnerGroup implements IResponse {
     @IsOptional()
     contact?: ResponseGroupContact;
 
+    @IsOptional()
+    @IsNumber()
+    total_distance: number
+
+    @IsInt()
+    @IsPositive()
+    created_at: number;
+
+    @IsInt()
+    @IsPositive()
+    updated_at: number;
+
     /**
      * Creates a ResponseRunnerGroup object from a runnerGroup.
      * @param group The runnerGroup the response shall be build for.
@@ -44,5 +56,8 @@ export abstract class ResponseRunnerGroup implements IResponse {
         this.id = group.id;
         this.name = group.name;
         if (group.contact) { this.contact = group.contact.toResponse(); };
+        if (group.runners) { this.total_distance = group.runners.reduce((p, c) => p + c.distance, 0) }
+        this.created_at = group.created_at;
+        this.updated_at = group.updated_at;
     }
 }

src/models/responses/ResponseRunnerOrganization.ts

@@ -14,7 +14,7 @@ import { RunnerOrganization } from '../entities/RunnerOrganization';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
 import { ResponseRunnerGroup } from './ResponseRunnerGroup';
-import { ResponseRunnerTeam } from './ResponseRunnerTeam';
+import type { ResponseRunnerTeam } from './ResponseRunnerTeam';
 
 /**
  * Defines the runnerOrganization response.
@@ -37,7 +37,7 @@ export class ResponseRunnerOrganization extends ResponseRunnerGroup implements I
      * The runnerOrganization associated teams.
      */
     @IsArray()
-    teams: ResponseRunnerTeam[];
+    teams?: ResponseRunnerTeam[];
 
     /**
      * The organization's registration key.
@@ -62,11 +62,15 @@ export class ResponseRunnerOrganization extends ResponseRunnerGroup implements I
     public constructor(org: RunnerOrganization) {
         super(org);
         this.address = org.address;
+        const ResponseRunnerTeam = require('./ResponseRunnerTeam').ResponseRunnerTeam;
         this.teams = new Array<ResponseRunnerTeam>();
         if (org.teams) {
             for (let team of org.teams) {
                 this.teams.push(team.toResponse());
             }
+            for (const team of this.teams) {
+                this.total_distance += team.total_distance;
+            }
         }
 
         if (!org.key) { this.registrationEnabled = false; }