'use strict'; const express = require('express'); const router = express.Router(); const { previewSpreadsheet, applyImportDecisions, getImportHistory, } = require('../services/spreadsheetImportService'); const { previewUserDbImport, applyUserDbImport, } = require('../services/userDbImportService'); function makeErrorId() { return `imp_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`; } function sendImportError(res, err, fallback, defaultCode) { if (err.status) { return res.status(err.status).json({ error: fallback, message: err.message, code: err.code || defaultCode, details: Array.isArray(err.details) ? err.details : [], }); } const errorId = makeErrorId(); console.error(`[import] ${fallback} (${errorId}):`, err.stack || err.message); return res.status(500).json({ error: fallback, message: 'Unexpected import server error. Please try again or adjust the import decisions.', code: defaultCode, error_id: errorId, }); } // ─── POST /api/import/spreadsheet/preview ───────────────────────────────────── // Accepts an XLSX file as raw binary body. // Send with Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet // or application/octet-stream. Optionally pass X-Filename header for audit logging. // Returns a preview with proposed row mappings and bill matches; writes no data. router.post( '/spreadsheet/preview', express.raw({ type: [ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/octet-stream', 'application/xlsx', 'application/vnd.ms-excel', ], limit: '10mb', }), async (req, res) => { try { if (!Buffer.isBuffer(req.body) || req.body.length === 0) { return res.status(400).json({ error: 'XLSX file is required. Send as raw binary with Content-Type application/octet-stream or the XLSX MIME type.', }); } const rawFilename = req.headers['x-filename']; const originalFilename = rawFilename ? rawFilename.replace(/[^a-zA-Z0-9._\-\s]/g, '').trim().slice(0, 255) : null; const options = { sheet_name: req.query.sheet || null, parse_all_sheets: req.query.parse_all_sheets === 'true', default_year: req.query.year ? parseInt(req.query.year, 10) : null, default_month: req.query.month ? parseInt(req.query.month, 10) : null, original_filename: originalFilename, }; if (options.default_year && (options.default_year < 2000 || options.default_year > 2100)) { return res.status(400).json({ error: 'year must be between 2000 and 2100' }); } if (options.default_month && (options.default_month < 1 || options.default_month > 12)) { return res.status(400).json({ error: 'month must be between 1 and 12' }); } const result = await previewSpreadsheet(req.user.id, req.body, options); res.json(result); } catch (err) { return sendImportError(res, err, 'Import preview failed', 'IMPORT_PREVIEW_ERROR'); } }, ); // ─── POST /api/import/spreadsheet/apply ────────────────────────────────────── // Applies confirmed import decisions from a previous preview session. // Body: { import_session_id, decisions: [...], options: { overwrite: false } } // Each decision must have: row_id, action, and action-specific fields. // Only writes data for explicitly confirmed decisions; skips ambiguous rows. router.post('/spreadsheet/apply', express.json({ limit: '2mb' }), async (req, res) => { try { const { import_session_id, decisions, options } = req.body || {}; if (!import_session_id || typeof import_session_id !== 'string') { return res.status(400).json({ error: 'import_session_id is required' }); } if (!Array.isArray(decisions) || decisions.length === 0) { return res.status(400).json({ error: 'decisions array is required and must not be empty' }); } if (decisions.length > 5000) { return res.status(400).json({ error: 'Too many decisions in a single apply request (max 5000)' }); } const result = await applyImportDecisions( req.user.id, import_session_id, decisions, options || {}, ); res.json(result); } catch (err) { return sendImportError(res, err, 'Import apply failed', 'IMPORT_APPLY_ERROR'); } }); // ─── POST /api/import/user-db/preview ──────────────────────────────────────── // Accepts a SQLite user data export created by this app. This is not an admin // full-database restore and writes no live bill/payment/category data. router.post( '/user-db/preview', express.raw({ type: [ 'application/octet-stream', 'application/x-sqlite3', 'application/vnd.sqlite3', 'application/x-sqlite', 'application/vnd.sqlite', ], limit: '50mb', }), async (req, res) => { try { const rawFilename = req.headers['x-filename']; const originalFilename = rawFilename ? rawFilename.replace(/[^a-zA-Z0-9._\-\s]/g, '').trim().slice(0, 255) : null; const result = await previewUserDbImport(req.user.id, req.body, { original_filename: originalFilename }); res.json(result); } catch (err) { return sendImportError(res, err, 'User SQLite import preview failed', 'USER_DB_IMPORT_PREVIEW_ERROR'); } }, ); // ─── POST /api/import/user-db/apply ────────────────────────────────────────── // Applies a previously previewed user SQLite export session. User ownership is // derived from req.user only; existing data is skipped by default. router.post('/user-db/apply', express.json({ limit: '1mb' }), async (req, res) => { try { const { import_session_id, options } = req.body || {}; if (!import_session_id || typeof import_session_id !== 'string') { return res.status(400).json({ error: 'import_session_id is required' }); } const result = await applyUserDbImport(req.user.id, import_session_id, options || {}); res.json(result); } catch (err) { return sendImportError(res, err, 'User SQLite import apply failed', 'USER_DB_IMPORT_APPLY_ERROR'); } }); // ─── GET /api/import/history ────────────────────────────────────────────────── // Returns the authenticated user's import history (last 100 imports). router.get('/history', (req, res) => { try { const history = getImportHistory(req.user.id); res.json({ history }); } catch (err) { console.error('[import] history error:', err.message); res.status(500).json({ error: 'Failed to load import history' }); } }); module.exports = router;