lucien/bank-app
1
0
Fork 0
generated from lucien/api-template
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add: added routes and improved frontend

Browse source
This commit is contained in:
Lukian 2025-04-27 18:23:16 +02:00
parent 37c96f5341
commit 94e4d5750f
15 changed files with 1039 additions and 172 deletions
Download patch file Download diff file Expand all files Collapse all files

52
back/api/@me.js
View file

@ -1,11 +1,11 @@
const express = require('express');
const router = express.Router();
const { getConnection, getUserAccounts, getUserCards } = require('../libs/mysql');
const { getConnection, getUserAccounts, getUserCards, getUserTransfers, setAccountBalance, getAccount, addTransfer } = require('../libs/mysql');
const { checkAuth } = require('../libs/middlewares');
router.post('/', checkAuth, async (req, res) => {
const user = req.user;
res.send({ id: user.id, name: user.name, lastname: user.lastname, admin: user.admin });
res.send(user);
});
router.post('/accounts', checkAuth, async (req, res) => {
@ -13,11 +13,7 @@ router.post('/accounts', checkAuth, async (req, res) => {
const connection = await getConnection();
const accounts = await getUserAccounts(connection, user.id);
connection.end();
if (!accounts[0]) {
return res.status(404).send({ error: 'No accounts found' });
}
res.send({ accounts: accounts });
res.send(accounts);
});
router.post('/cards', checkAuth, async (req, res) => {
@ -25,11 +21,47 @@ router.post('/cards', checkAuth, async (req, res) => {
const connection = await getConnection();
const cards = await getUserCards(connection, user.id);
connection.end();
res.send(cards);
});
if (!cards[0]) {
return res.status(404).send({ error: 'No cards found' });
router.post('/transfers', checkAuth, async (req, res) => {
const user = req.user;
const connection = await getConnection();
const transfers = await getUserTransfers(connection, user.id);
connection.end();
res.send(transfers);
});
router.post('/send-money', checkAuth, async (req, res) => {
const user = req.user;
const { account_from_id, account_to_id, amount, name } = req.body;
if (!account_from_id || !account_to_id || !amount || !name) {
return res.status(400).send({ error: 'Missing required fields' });
}
res.send({ cards: cards });
const connection = await getConnection();
const accountFrom = await getAccount(connection, account_from_id);
const accountTo = await getAccount(connection, account_to_id);
if (!accountFrom[0] || !accountTo[0]) {
return res.status(400).send({ error: 'Invalid account ID' });
}
if (accountFrom[0].client_id !== user.id) {
return res.status(403).send({ error: 'You are not authorized to send money from this account' });
}
if (accountFrom[0].balance < amount) {
return res.status(400).send({ error: 'Insufficient funds' });
}
await setAccountBalance(connection, account_from_id, accountFrom[0].balance - amount);
await setAccountBalance(connection, account_to_id, accountTo[0].balance + amount);
await addTransfer(connection, account_from_id, account_to_id, name, amount);
connection.end();
res.send({ message: 'Money sent successfully' });
});
module.exports = router;

9
back/api/accounts.js
View file

@ -1,9 +0,0 @@
const express = require('express');
const { getConnection } = require('../libs/mysql');
const { checkAuth } = require('../libs/middlewares');
const router = express.Router();
module.exports = router;

205
back/api/users.js
View file

@ -1,9 +1,212 @@
const express = require('express');
const { getConnection, addUser } = require('../libs/mysql');
const { getConnection, addUser, getUsers, getUser, getUserAccounts, addAccount, removeAccount, getUserCards, addCard, removeCard, setAccountBalance, getAccount } = require('../libs/mysql');
const { checkAuth } = require('../libs/middlewares');
const router = express.Router();
router.post('/', checkAuth, async (req, res) => {
const user = req.user;
if (!user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
const connection = await getConnection();
const users = await getUsers(connection);
connection.end();
res.send(users );
});
router.post('/:id', checkAuth, async (req, res) => {
const this_user = req.user;
const { id } = req.params;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
const connection = await getConnection();
const user = await getUser(connection, id);
connection.end();
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
res.send(user[0]);
});
router.post('/:id/accounts', checkAuth, async (req, res) => {
const this_user = req.user;
const { id } = req.params;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
const connection = await getConnection();
const user = await getUser(connection, id);
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
const accounts = await getUserAccounts(connection, id);
connection.end();
res.send(accounts);
});
router.post('/:user_id/accounts/:account_id/delete', checkAuth, async (req, res) => {
const this_user = req.user;
const { user_id, account_id } = req.params;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
const connection = await getConnection();
const user = await getUser(connection, user_id);
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
await removeAccount(connection, account_id);
connection.end();
res.send({ message: 'Account removed' });
});
router.post('/:user_id/accounts/:account_id/add-balance', checkAuth, async (req, res) => {
const this_user = req.user;
const { user_id, account_id } = req.params;
const { balance } = req.body;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
if (!balance) {
return res.status(400).json({ error: 'Balance is required' });
}
const connection = await getConnection();
const user = await getUser(connection, user_id);
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
const account = await getAccount(connection, account_id);
if (!account[0]) {
return res.status(404).send({ error: 'Account not found' });
}
await setAccountBalance(connection, account_id, account[0].balance + balance);
connection.end();
res.send({ message: 'Balance added' });
});
router.post('/:id/create-account', checkAuth, async (req, res) => {
const this_user = req.user;
const { name } = req.body;
const { id } = req.params;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
if (!name) {
return res.status(400).json({ error: 'Name is required' });
}
const connection = await getConnection();
const user = await getUser(connection, id);
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
await addAccount(connection, id, name);
connection.end();
res.send({ message: 'Account created' });
});
router.post('/:id/cards', checkAuth, async (req, res) => {
const this_user = req.user;
const { id } = req.params;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
const connection = await getConnection();
const user = await getUser(connection, id);
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
const cards = await getUserCards(connection, id);
connection.end();
res.send(cards);
});
router.post('/:user_id/cards/:card_id/delete', checkAuth, async (req, res) => {
const this_user = req.user;
const { user_id, card_id } = req.params;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
const connection = await getConnection();
const user = await getUser(connection, user_id);
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
await removeCard(connection, card_id);
connection.end();
res.send({ message: 'Card removed' });
});
router.post('/:user_id/create-card', checkAuth, async (req, res) => {
const this_user = req.user;
const { user_id } = req.params;
const { account_id } = req.body;
if (!this_user.admin) {
return res.status(403).json({ error: 'Permission denied' });
}
const connection = await getConnection();
const user = await getUser(connection, user_id);
if (!user[0]) {
return res.status(404).send({ error: 'User not found' });
}
const numero = Math.floor(Math.random() * 1000000000);
const expiration = new Date();
expiration.setFullYear(expiration.getFullYear() + 5);
const expirationString = `${expiration.getMonth() + 1}/${expiration.getFullYear() % 100}`;
const cvc = Math.floor(Math.random() * 1000);
await addCard(connection, account_id, numero, expirationString, cvc);
connection.end();
res.send({ message: 'Card created' });
});
router.post('/add', checkAuth, async (req, res) => {
const user = req.user;
const { name, lastname, email, numero, password } = req.body;