// @ts-nocheck — route controller converted to .cts; handler req/res typed, full type-check deferred (thin glue over typed services). import type { Req, Res, Next } from '../types/http'; const express = require('express'); const { ValidationError, NotFoundError, ConflictError } = require('../utils/apiError.cts'); const router = express.Router(); const { getDb, ensureUserDefaultCategories } = require('../db/database.cts'); const { accountingActiveSql } = require('../services/paymentAccountingService.cts'); const { kysely, all } = require('../db/kysely.cts'); const { sql } = require('kysely'); // Maps a SQLite UNIQUE-constraint violation to a friendly 409; re-throws anything // else so the terminal handler returns a safe 500. function asConflict(e, message, field) { if (e.message?.includes('UNIQUE')) throw ConflictError(message, field); throw e; } // GET /api/categories router.get('/', (req: Req, res: Res) => { const db = getDb(); ensureUserDefaultCategories(req.user.id); const categories = db .prepare( ` SELECT id, user_id, name, sort_order, spending_enabled, group_id, created_at, updated_at FROM categories WHERE user_id = ? AND deleted_at IS NULL ORDER BY CASE WHEN sort_order IS NULL THEN 1 ELSE 0 END, sort_order ASC, name COLLATE NOCASE ASC `, ) .all(req.user.id); const billsByCategory = db.prepare(` SELECT b.id, b.category_id, b.name, b.active, b.expected_amount, b.due_day, COUNT(p.id) AS payment_count, COALESCE(SUM(p.amount), 0) AS total_paid, MAX(p.paid_date) AS last_paid_date FROM bills b LEFT JOIN payments p ON p.bill_id = b.id AND p.deleted_at IS NULL AND ${accountingActiveSql('p')} WHERE b.user_id = ? AND b.category_id = ? AND b.deleted_at IS NULL GROUP BY b.id ORDER BY b.active DESC, b.due_day ASC, b.name COLLATE NOCASE ASC `); const shaped = categories.map((category) => { const bills = billsByCategory.all(req.user.id, category.id).map((bill) => ({ ...bill, active: !!bill.active, payment_count: Number(bill.payment_count || 0), total_paid: Number(bill.total_paid || 0), last_paid_date: bill.last_paid_date || null, })); const activeBillCount = bills.filter((bill) => bill.active).length; const inactiveBillCount = bills.length - activeBillCount; const paymentCount = bills.reduce((sum, bill) => sum + bill.payment_count, 0); return { ...category, spending_enabled: !!category.spending_enabled, bill_count: activeBillCount, active_bill_count: activeBillCount, inactive_bill_count: inactiveBillCount, payment_count: paymentCount, bill_names: bills.map((bill) => bill.name), bills, }; }); res.json(shaped); }); // PUT /api/categories/reorder router.put('/reorder', (req: Req, res: Res) => { const db = getDb(); const entries = Object.entries(req.body || {}).map(([categoryId, sortOrder]) => ({ categoryId: Number(categoryId), sortOrder: Number(sortOrder), })); if (entries.length === 0) { throw ValidationError('At least one category order is required', 'reorder'); } const invalid = entries.find( ({ categoryId, sortOrder }) => !Number.isInteger(categoryId) || categoryId <= 0 || !Number.isInteger(sortOrder) || sortOrder < 0, ); if (invalid) { throw ValidationError( 'Reorder payload must map category ids to non-negative integer positions', 'reorder', ); } const ids = entries.map((item) => item.categoryId); const placeholders = ids.map(() => '?').join(','); const owned = db .prepare( ` SELECT id FROM categories WHERE user_id = ? AND deleted_at IS NULL AND id IN (${placeholders}) `, ) .all(req.user.id, ...ids); if (owned.length !== ids.length) { throw NotFoundError('One or more categories were not found', 'category_id'); } const update = db.prepare( "UPDATE categories SET sort_order = ?, updated_at = datetime('now') WHERE id = ? AND user_id = ?", ); db.transaction((items) => { for (const item of items) update.run(item.sortOrder, item.categoryId, req.user.id); })(entries); res.json({ success: true }); }); // POST /api/categories router.post('/', (req: Req, res: Res) => { const db = getDb(); const { name } = req.body; if (!name) throw ValidationError('name is required', 'name'); try { const result = db .prepare('INSERT INTO categories (user_id, name) VALUES (?, ?)') .run(req.user.id, name.trim()); const created = db.prepare('SELECT * FROM categories WHERE id = ?').get(result.lastInsertRowid); res.status(201).json(created); } catch (e) { asConflict(e, 'Category already exists', 'name'); } }); // PUT /api/categories/:id router.put('/:id', (req: Req, res: Res) => { const db = getDb(); const { name, spending_enabled, group_id } = req.body; if (!name) throw ValidationError('name is required', 'name'); const cat = db .prepare('SELECT id FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL') .get(req.params.id, req.user.id); if (!cat) throw NotFoundError('Category not found', 'id'); if (group_id !== undefined && group_id !== null) { const group = db .prepare('SELECT id FROM category_groups WHERE id = ? AND user_id = ?') .get(group_id, req.user.id); if (!group) throw NotFoundError('Category group not found', 'group_id'); } try { const fields = ['name = ?', "updated_at = datetime('now')"]; const values = [name.trim()]; if (spending_enabled !== undefined) { fields.push('spending_enabled = ?'); values.push(spending_enabled ? 1 : 0); } if (group_id !== undefined) { fields.push('group_id = ?'); values.push(group_id); } db.prepare(`UPDATE categories SET ${fields.join(', ')} WHERE id = ? AND user_id = ?`).run( ...values, req.params.id, req.user.id, ); const updated = db .prepare( 'SELECT id, name, sort_order, spending_enabled, group_id, created_at, updated_at FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL', ) .get(req.params.id, req.user.id); res.json({ ...updated, spending_enabled: !!updated.spending_enabled }); } catch (e) { asConflict(e, 'Category already exists', 'name'); } }); // ── Category groups ────────────────────────────────────────────────────────── // GET /api/category-groups — typed via Kysely (built, then run synchronously). router.get('/groups', (req: Req, res: Res) => { const groups = all( kysely() .selectFrom('category_groups') .select(['id', 'name', 'sort_order', 'created_at', 'updated_at']) .where('user_id', '=', req.user.id) .orderBy('sort_order', 'asc') .orderBy(sql`name collate nocase`, 'asc'), ); res.json(groups); }); // POST /api/category-groups router.post('/groups', (req: Req, res: Res) => { const db = getDb(); const { name } = req.body; if (!name?.trim()) throw ValidationError('name is required', 'name'); try { const maxOrder = db .prepare('SELECT COALESCE(MAX(sort_order), -1) AS m FROM category_groups WHERE user_id = ?') .get(req.user.id).m; const result = db .prepare('INSERT INTO category_groups (user_id, name, sort_order) VALUES (?, ?, ?)') .run(req.user.id, name.trim(), maxOrder + 1); const created = db .prepare( 'SELECT id, name, sort_order, created_at, updated_at FROM category_groups WHERE id = ?', ) .get(result.lastInsertRowid); res.status(201).json(created); } catch (e) { asConflict(e, 'Category group already exists', 'name'); } }); // PUT /api/category-groups/:id router.put('/groups/:id', (req: Req, res: Res) => { const db = getDb(); const { name, sort_order } = req.body; const group = db .prepare('SELECT id FROM category_groups WHERE id = ? AND user_id = ?') .get(req.params.id, req.user.id); if (!group) throw NotFoundError('Category group not found', 'id'); try { const fields = ["updated_at = datetime('now')"]; const values = []; if (name !== undefined) { if (!name.trim()) throw ValidationError('name is required', 'name'); fields.push('name = ?'); values.push(name.trim()); } if (sort_order !== undefined) { fields.push('sort_order = ?'); values.push(Number(sort_order)); } db.prepare(`UPDATE category_groups SET ${fields.join(', ')} WHERE id = ? AND user_id = ?`).run( ...values, req.params.id, req.user.id, ); const updated = db .prepare( 'SELECT id, name, sort_order, created_at, updated_at FROM category_groups WHERE id = ? AND user_id = ?', ) .get(req.params.id, req.user.id); res.json(updated); } catch (e) { asConflict(e, 'Category group already exists', 'name'); } }); // DELETE /api/category-groups/:id router.delete('/groups/:id', (req: Req, res: Res) => { const db = getDb(); const group = db .prepare('SELECT id FROM category_groups WHERE id = ? AND user_id = ?') .get(req.params.id, req.user.id); if (!group) throw NotFoundError('Category group not found', 'id'); db.prepare('DELETE FROM category_groups WHERE id = ? AND user_id = ?').run( req.params.id, req.user.id, ); res.json({ success: true }); }); // PATCH /api/categories/:id/spending — toggle spending_enabled without requiring name router.patch('/:id/spending', (req: Req, res: Res) => { const db = getDb(); const cat = db .prepare( 'SELECT id, spending_enabled FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL', ) .get(req.params.id, req.user.id); if (!cat) throw NotFoundError('Category not found', 'id'); const enabled = req.body?.spending_enabled !== undefined ? !!req.body.spending_enabled : !cat.spending_enabled; db.prepare( "UPDATE categories SET spending_enabled=?, updated_at=datetime('now') WHERE id=? AND user_id=?", ).run(enabled ? 1 : 0, req.params.id, req.user.id); res.json({ id: cat.id, spending_enabled: enabled }); }); // DELETE /api/categories/:id router.delete('/:id', (req: Req, res: Res) => { const db = getDb(); const cat = db .prepare('SELECT id, name FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL') .get(req.params.id, req.user.id); if (!cat) throw NotFoundError('Category not found', 'id'); const deleted = db .prepare( "UPDATE categories SET deleted_at = datetime('now'), updated_at = datetime('now') WHERE id = ? AND user_id = ? AND deleted_at IS NULL", ) .run(req.params.id, req.user.id); res.json({ success: true, deleted: deleted.changes, deleted_category_id: cat.id, deleted_category_name: cat.name, recoverable_until_days: 30, }); }); // POST /api/categories/:id/restore — undo category soft delete router.post('/:id/restore', (req: Req, res: Res) => { const db = getDb(); const cat = db .prepare( 'SELECT id, name FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL', ) .get(req.params.id, req.user.id); if (!cat) throw NotFoundError('Deleted category not found', 'id'); db.prepare( "UPDATE categories SET deleted_at = NULL, updated_at = datetime('now') WHERE id = ? AND user_id = ?", ).run(req.params.id, req.user.id); res.json( db .prepare('SELECT * FROM categories WHERE id = ? AND user_id = ?') .get(req.params.id, req.user.id), ); }); module.exports = router;