BillTracker/routes/import.js

'use strict';

const express = require('express');
const router  = express.Router();
const {
  previewSpreadsheet,
  applyImportDecisions,
  getImportHistory,
} = require('../services/spreadsheetImportService');
const {
  previewUserDbImport,
  applyUserDbImport,
} = require('../services/userDbImportService');

function makeErrorId() {
  return `imp_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
}

function sendImportError(res, err, fallback, defaultCode) {
  if (err.status) {
    return res.status(err.status).json({
      error: fallback,
      message: err.message,
      code: err.code || defaultCode,
      details: Array.isArray(err.details) ? err.details : [],
    });
  }

  const errorId = makeErrorId();
  console.error(`[import] ${fallback} (${errorId}):`, err.stack || err.message);
  return res.status(500).json({
    error: fallback,
    message: 'Unexpected import server error. Please try again or adjust the import decisions.',
    code: defaultCode,
    error_id: errorId,
  });
}

// ─── POST /api/import/spreadsheet/preview ─────────────────────────────────────
// Accepts an XLSX file as raw binary body.
// Send with Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
// or application/octet-stream. Optionally pass X-Filename header for audit logging.
// Returns a preview with proposed row mappings and bill matches; writes no data.

router.post(
  '/spreadsheet/preview',
  express.raw({
    type: [
      'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
      'application/octet-stream',
      'application/xlsx',
      'application/vnd.ms-excel',
    ],
    limit: '10mb',
  }),
  async (req, res) => {
    try {
      if (!Buffer.isBuffer(req.body) || req.body.length === 0) {
        return res.status(400).json({
          error: 'XLSX file is required. Send as raw binary with Content-Type application/octet-stream or the XLSX MIME type.',
        });
      }

      const rawFilename = req.headers['x-filename'];
      const originalFilename = rawFilename
        ? rawFilename.replace(/[^a-zA-Z0-9._\-\s]/g, '').trim().slice(0, 255)
        : null;

      const options = {
        sheet_name:        req.query.sheet             || null,
        parse_all_sheets:  req.query.parse_all_sheets === 'true',
        default_year:      req.query.year   ? parseInt(req.query.year,  10) : null,
        default_month:     req.query.month  ? parseInt(req.query.month, 10) : null,
        original_filename: originalFilename,
      };

      if (options.default_year && (options.default_year < 2000 || options.default_year > 2100)) {
        return res.status(400).json({ error: 'year must be between 2000 and 2100' });
      }
      if (options.default_month && (options.default_month < 1 || options.default_month > 12)) {
        return res.status(400).json({ error: 'month must be between 1 and 12' });
      }

      const result = await previewSpreadsheet(req.user.id, req.body, options);
      res.json(result);
    } catch (err) {
      return sendImportError(res, err, 'Import preview failed', 'IMPORT_PREVIEW_ERROR');
    }
  },
);

// ─── POST /api/import/spreadsheet/apply ──────────────────────────────────────
// Applies confirmed import decisions from a previous preview session.
// Body: { import_session_id, decisions: [...], options: { overwrite: false } }
// Each decision must have: row_id, action, and action-specific fields.
// Only writes data for explicitly confirmed decisions; skips ambiguous rows.

router.post('/spreadsheet/apply', express.json({ limit: '2mb' }), async (req, res) => {
  try {
    const { import_session_id, decisions, options } = req.body || {};

    if (!import_session_id || typeof import_session_id !== 'string') {
      return res.status(400).json({ error: 'import_session_id is required' });
    }
    if (!Array.isArray(decisions) || decisions.length === 0) {
      return res.status(400).json({ error: 'decisions array is required and must not be empty' });
    }
    if (decisions.length > 5000) {
      return res.status(400).json({ error: 'Too many decisions in a single apply request (max 5000)' });
    }

    const result = await applyImportDecisions(
      req.user.id,
      import_session_id,
      decisions,
      options || {},
    );
    res.json(result);
  } catch (err) {
    return sendImportError(res, err, 'Import apply failed', 'IMPORT_APPLY_ERROR');
  }
});

// ─── POST /api/import/user-db/preview ────────────────────────────────────────
// Accepts a SQLite user data export created by this app. This is not an admin
// full-database restore and writes no live bill/payment/category data.

router.post(
  '/user-db/preview',
  express.raw({
    type: [
      'application/octet-stream',
      'application/x-sqlite3',
      'application/vnd.sqlite3',
      'application/x-sqlite',
      'application/vnd.sqlite',
    ],
    limit: '50mb',
  }),
  async (req, res) => {
    try {
      const rawFilename = req.headers['x-filename'];
      const originalFilename = rawFilename
        ? rawFilename.replace(/[^a-zA-Z0-9._\-\s]/g, '').trim().slice(0, 255)
        : null;
      const result = await previewUserDbImport(req.user.id, req.body, { original_filename: originalFilename });
      res.json(result);
    } catch (err) {
      return sendImportError(res, err, 'User SQLite import preview failed', 'USER_DB_IMPORT_PREVIEW_ERROR');
    }
  },
);

// ─── POST /api/import/user-db/apply ──────────────────────────────────────────
// Applies a previously previewed user SQLite export session. User ownership is
// derived from req.user only; existing data is skipped by default.

router.post('/user-db/apply', express.json({ limit: '1mb' }), async (req, res) => {
  try {
    const { import_session_id, options } = req.body || {};
    if (!import_session_id || typeof import_session_id !== 'string') {
      return res.status(400).json({ error: 'import_session_id is required' });
    }
    const result = await applyUserDbImport(req.user.id, import_session_id, options || {});
    res.json(result);
  } catch (err) {
    return sendImportError(res, err, 'User SQLite import apply failed', 'USER_DB_IMPORT_APPLY_ERROR');
  }
});

// ─── GET /api/import/history ──────────────────────────────────────────────────
// Returns the authenticated user's import history (last 100 imports).

router.get('/history', (req, res) => {
  try {
    const history = getImportHistory(req.user.id);
    res.json({ history });
  } catch (err) {
    console.error('[import] history error:', err.message);
    res.status(500).json({ error: 'Failed to load import history' });
  }
});

module.exports = router;
initial commit 2026-05-03 19:51:57 -05:00			`'use strict';`

			`const express = require('express');`
			`const router = express.Router();`
			`const {`
			`previewSpreadsheet,`
			`applyImportDecisions,`
			`getImportHistory,`
			`} = require('../services/spreadsheetImportService');`
			`const {`
			`previewUserDbImport,`
			`applyUserDbImport,`
			`} = require('../services/userDbImportService');`

			`function makeErrorId() {`
			return `imp_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
			`}`

			`function sendImportError(res, err, fallback, defaultCode) {`
			`if (err.status) {`
			`return res.status(err.status).json({`
			`error: fallback,`
			`message: err.message,`
			`code: err.code \|\| defaultCode,`
			`details: Array.isArray(err.details) ? err.details : [],`
			`});`
			`}`

			`const errorId = makeErrorId();`
			console.error(`[import] ${fallback} (${errorId}):`, err.stack \|\| err.message);
			`return res.status(500).json({`
			`error: fallback,`
			`message: 'Unexpected import server error. Please try again or adjust the import decisions.',`
			`code: defaultCode,`
			`error_id: errorId,`
			`});`
			`}`

			`// ─── POST /api/import/spreadsheet/preview ─────────────────────────────────────`
			`// Accepts an XLSX file as raw binary body.`
			`// Send with Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`
			`// or application/octet-stream. Optionally pass X-Filename header for audit logging.`
			`// Returns a preview with proposed row mappings and bill matches; writes no data.`

			`router.post(`
			`'/spreadsheet/preview',`
			`express.raw({`
			`type: [`
			`'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',`
			`'application/octet-stream',`
			`'application/xlsx',`
			`'application/vnd.ms-excel',`
			`],`
			`limit: '10mb',`
			`}),`
			`async (req, res) => {`
			`try {`
			`if (!Buffer.isBuffer(req.body) \|\| req.body.length === 0) {`
			`return res.status(400).json({`
			`error: 'XLSX file is required. Send as raw binary with Content-Type application/octet-stream or the XLSX MIME type.',`
			`});`
			`}`

			`const rawFilename = req.headers['x-filename'];`
			`const originalFilename = rawFilename`
			`? rawFilename.replace(/[^a-zA-Z0-9._\-\s]/g, '').trim().slice(0, 255)`
			`: null;`

			`const options = {`
			`sheet_name: req.query.sheet \|\| null,`
			`parse_all_sheets: req.query.parse_all_sheets === 'true',`
			`default_year: req.query.year ? parseInt(req.query.year, 10) : null,`
			`default_month: req.query.month ? parseInt(req.query.month, 10) : null,`
			`original_filename: originalFilename,`
			`};`

			`if (options.default_year && (options.default_year < 2000 \|\| options.default_year > 2100)) {`
			`return res.status(400).json({ error: 'year must be between 2000 and 2100' });`
			`}`
			`if (options.default_month && (options.default_month < 1 \|\| options.default_month > 12)) {`
			`return res.status(400).json({ error: 'month must be between 1 and 12' });`
			`}`

			`const result = await previewSpreadsheet(req.user.id, req.body, options);`
			`res.json(result);`
			`} catch (err) {`
			`return sendImportError(res, err, 'Import preview failed', 'IMPORT_PREVIEW_ERROR');`
			`}`
			`},`
			`);`

			`// ─── POST /api/import/spreadsheet/apply ──────────────────────────────────────`
			`// Applies confirmed import decisions from a previous preview session.`
			`// Body: { import_session_id, decisions: [...], options: { overwrite: false } }`
			`// Each decision must have: row_id, action, and action-specific fields.`
			`// Only writes data for explicitly confirmed decisions; skips ambiguous rows.`

			`router.post('/spreadsheet/apply', express.json({ limit: '2mb' }), async (req, res) => {`
			`try {`
			`const { import_session_id, decisions, options } = req.body \|\| {};`

			`if (!import_session_id \|\| typeof import_session_id !== 'string') {`
			`return res.status(400).json({ error: 'import_session_id is required' });`
			`}`
			`if (!Array.isArray(decisions) \|\| decisions.length === 0) {`
			`return res.status(400).json({ error: 'decisions array is required and must not be empty' });`
			`}`
			`if (decisions.length > 5000) {`
			`return res.status(400).json({ error: 'Too many decisions in a single apply request (max 5000)' });`
			`}`

			`const result = await applyImportDecisions(`
			`req.user.id,`
			`import_session_id,`
			`decisions,`
			`options \|\| {},`
			`);`
			`res.json(result);`
			`} catch (err) {`
			`return sendImportError(res, err, 'Import apply failed', 'IMPORT_APPLY_ERROR');`
			`}`
			`});`

			`// ─── POST /api/import/user-db/preview ────────────────────────────────────────`
			`// Accepts a SQLite user data export created by this app. This is not an admin`
			`// full-database restore and writes no live bill/payment/category data.`

			`router.post(`
			`'/user-db/preview',`
			`express.raw({`
			`type: [`
			`'application/octet-stream',`
			`'application/x-sqlite3',`
			`'application/vnd.sqlite3',`
			`'application/x-sqlite',`
			`'application/vnd.sqlite',`
			`],`
			`limit: '50mb',`
			`}),`
			`async (req, res) => {`
			`try {`
			`const rawFilename = req.headers['x-filename'];`
			`const originalFilename = rawFilename`
			`? rawFilename.replace(/[^a-zA-Z0-9._\-\s]/g, '').trim().slice(0, 255)`
			`: null;`
			`const result = await previewUserDbImport(req.user.id, req.body, { original_filename: originalFilename });`
			`res.json(result);`
			`} catch (err) {`
			`return sendImportError(res, err, 'User SQLite import preview failed', 'USER_DB_IMPORT_PREVIEW_ERROR');`
			`}`
			`},`
			`);`

			`// ─── POST /api/import/user-db/apply ──────────────────────────────────────────`
			`// Applies a previously previewed user SQLite export session. User ownership is`
			`// derived from req.user only; existing data is skipped by default.`

			`router.post('/user-db/apply', express.json({ limit: '1mb' }), async (req, res) => {`
			`try {`
			`const { import_session_id, options } = req.body \|\| {};`
			`if (!import_session_id \|\| typeof import_session_id !== 'string') {`
			`return res.status(400).json({ error: 'import_session_id is required' });`
			`}`
			`const result = await applyUserDbImport(req.user.id, import_session_id, options \|\| {});`
			`res.json(result);`
			`} catch (err) {`
			`return sendImportError(res, err, 'User SQLite import apply failed', 'USER_DB_IMPORT_APPLY_ERROR');`
			`}`
			`});`

			`// ─── GET /api/import/history ──────────────────────────────────────────────────`
			`// Returns the authenticated user's import history (last 100 imports).`

			`router.get('/history', (req, res) => {`
			`try {`
			`const history = getImportHistory(req.user.id);`
			`res.json({ history });`
			`} catch (err) {`
			`console.error('[import] history error:', err.message);`
			`res.status(500).json({ error: 'Failed to load import history' });`
			`}`
			`});`

			`module.exports = router;`