const express = require('express'); const { standardizeError } = require('../middleware/errorFormatter'); const router = express.Router(); const { getDb, ensureUserDefaultCategories } = require('../db/database'); const { accountingActiveSql } = require('../services/paymentAccountingService'); // GET /api/categories router.get('/', (req, res) => { try { const db = getDb(); ensureUserDefaultCategories(req.user.id); const categories = db.prepare(` SELECT id, user_id, name, sort_order, spending_enabled, group_id, created_at, updated_at FROM categories WHERE user_id = ? AND deleted_at IS NULL ORDER BY CASE WHEN sort_order IS NULL THEN 1 ELSE 0 END, sort_order ASC, name COLLATE NOCASE ASC `).all(req.user.id); const billsByCategory = db.prepare(` SELECT b.id, b.category_id, b.name, b.active, b.expected_amount, b.due_day, COUNT(p.id) AS payment_count, COALESCE(SUM(p.amount), 0) AS total_paid, MAX(p.paid_date) AS last_paid_date FROM bills b LEFT JOIN payments p ON p.bill_id = b.id AND p.deleted_at IS NULL AND ${accountingActiveSql('p')} WHERE b.user_id = ? AND b.category_id = ? AND b.deleted_at IS NULL GROUP BY b.id ORDER BY b.active DESC, b.due_day ASC, b.name COLLATE NOCASE ASC `); const shaped = categories.map(category => { const bills = billsByCategory.all(req.user.id, category.id).map(bill => ({ ...bill, active: !!bill.active, payment_count: Number(bill.payment_count || 0), total_paid: Number(bill.total_paid || 0), last_paid_date: bill.last_paid_date || null, })); const activeBillCount = bills.filter(bill => bill.active).length; const inactiveBillCount = bills.length - activeBillCount; const paymentCount = bills.reduce((sum, bill) => sum + bill.payment_count, 0); return { ...category, spending_enabled: !!category.spending_enabled, bill_count: activeBillCount, active_bill_count: activeBillCount, inactive_bill_count: inactiveBillCount, payment_count: paymentCount, bill_names: bills.map(bill => bill.name), bills, }; }); res.json(shaped); } catch (err) { console.error('[categories GET]', err.message); res.status(500).json({ error: 'Failed to load categories' }); } }); // PUT /api/categories/reorder router.put('/reorder', (req, res) => { const db = getDb(); const entries = Object.entries(req.body || {}).map(([categoryId, sortOrder]) => ({ categoryId: Number(categoryId), sortOrder: Number(sortOrder), })); if (entries.length === 0) { return res.status(400).json(standardizeError('At least one category order is required', 'VALIDATION_ERROR', 'reorder')); } const invalid = entries.find(({ categoryId, sortOrder }) => ( !Number.isInteger(categoryId) || categoryId <= 0 || !Number.isInteger(sortOrder) || sortOrder < 0 )); if (invalid) { return res.status(400).json(standardizeError('Reorder payload must map category ids to non-negative integer positions', 'VALIDATION_ERROR', 'reorder')); } const ids = entries.map(item => item.categoryId); const placeholders = ids.map(() => '?').join(','); const owned = db.prepare(` SELECT id FROM categories WHERE user_id = ? AND deleted_at IS NULL AND id IN (${placeholders}) `).all(req.user.id, ...ids); if (owned.length !== ids.length) { return res.status(404).json(standardizeError('One or more categories were not found', 'NOT_FOUND', 'category_id')); } const update = db.prepare("UPDATE categories SET sort_order = ?, updated_at = datetime('now') WHERE id = ? AND user_id = ?"); db.transaction((items) => { for (const item of items) update.run(item.sortOrder, item.categoryId, req.user.id); })(entries); res.json({ success: true }); }); // POST /api/categories router.post('/', (req, res) => { const db = getDb(); const { name } = req.body; if (!name) return res.status(400).json(standardizeError('name is required', 'VALIDATION_ERROR', 'name')); try { const result = db.prepare('INSERT INTO categories (user_id, name) VALUES (?, ?)').run(req.user.id, name.trim()); const created = db.prepare('SELECT * FROM categories WHERE id = ?').get(result.lastInsertRowid); res.status(201).json(created); } catch (e) { if (e.message.includes('UNIQUE')) { return res.status(409).json(standardizeError('Category already exists', 'CONFLICT', 'name')); } throw e; } }); // PUT /api/categories/:id router.put('/:id', (req, res) => { const db = getDb(); const { name, spending_enabled, group_id } = req.body; if (!name) return res.status(400).json(standardizeError('name is required', 'VALIDATION_ERROR', 'name')); const cat = db.prepare('SELECT id FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL').get(req.params.id, req.user.id); if (!cat) return res.status(404).json(standardizeError('Category not found', 'NOT_FOUND', 'id')); if (group_id !== undefined && group_id !== null) { const group = db.prepare('SELECT id FROM category_groups WHERE id = ? AND user_id = ?').get(group_id, req.user.id); if (!group) return res.status(404).json(standardizeError('Category group not found', 'NOT_FOUND', 'group_id')); } try { const fields = ["name = ?", "updated_at = datetime('now')"]; const values = [name.trim()]; if (spending_enabled !== undefined) { fields.push('spending_enabled = ?'); values.push(spending_enabled ? 1 : 0); } if (group_id !== undefined) { fields.push('group_id = ?'); values.push(group_id); } db.prepare(`UPDATE categories SET ${fields.join(', ')} WHERE id = ? AND user_id = ?`) .run(...values, req.params.id, req.user.id); const updated = db.prepare('SELECT id, name, sort_order, spending_enabled, group_id, created_at, updated_at FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL').get(req.params.id, req.user.id); res.json({ ...updated, spending_enabled: !!updated.spending_enabled }); } catch (e) { if (e.message?.includes('UNIQUE')) { return res.status(409).json(standardizeError('Category already exists', 'CONFLICT', 'name')); } console.error('[categories PUT]', e.message); res.status(500).json({ error: 'Failed to update category' }); } }); // ── Category groups ────────────────────────────────────────────────────────── // GET /api/category-groups router.get('/groups', (req, res) => { const db = getDb(); const groups = db.prepare(` SELECT id, name, sort_order, created_at, updated_at FROM category_groups WHERE user_id = ? ORDER BY sort_order ASC, name COLLATE NOCASE ASC `).all(req.user.id); res.json(groups); }); // POST /api/category-groups router.post('/groups', (req, res) => { const db = getDb(); const { name } = req.body; if (!name?.trim()) return res.status(400).json(standardizeError('name is required', 'VALIDATION_ERROR', 'name')); try { const maxOrder = db.prepare('SELECT COALESCE(MAX(sort_order), -1) AS m FROM category_groups WHERE user_id = ?').get(req.user.id).m; const result = db.prepare('INSERT INTO category_groups (user_id, name, sort_order) VALUES (?, ?, ?)') .run(req.user.id, name.trim(), maxOrder + 1); const created = db.prepare('SELECT id, name, sort_order, created_at, updated_at FROM category_groups WHERE id = ?').get(result.lastInsertRowid); res.status(201).json(created); } catch (e) { if (e.message?.includes('UNIQUE')) { return res.status(409).json(standardizeError('Category group already exists', 'CONFLICT', 'name')); } console.error('[category-groups POST]', e.message); res.status(500).json({ error: 'Failed to create category group' }); } }); // PUT /api/category-groups/:id router.put('/groups/:id', (req, res) => { const db = getDb(); const { name, sort_order } = req.body; const group = db.prepare('SELECT id FROM category_groups WHERE id = ? AND user_id = ?').get(req.params.id, req.user.id); if (!group) return res.status(404).json(standardizeError('Category group not found', 'NOT_FOUND', 'id')); try { const fields = ["updated_at = datetime('now')"]; const values = []; if (name !== undefined) { if (!name.trim()) return res.status(400).json(standardizeError('name is required', 'VALIDATION_ERROR', 'name')); fields.push('name = ?'); values.push(name.trim()); } if (sort_order !== undefined) { fields.push('sort_order = ?'); values.push(Number(sort_order)); } db.prepare(`UPDATE category_groups SET ${fields.join(', ')} WHERE id = ? AND user_id = ?`) .run(...values, req.params.id, req.user.id); const updated = db.prepare('SELECT id, name, sort_order, created_at, updated_at FROM category_groups WHERE id = ? AND user_id = ?').get(req.params.id, req.user.id); res.json(updated); } catch (e) { if (e.message?.includes('UNIQUE')) { return res.status(409).json(standardizeError('Category group already exists', 'CONFLICT', 'name')); } console.error('[category-groups PUT]', e.message); res.status(500).json({ error: 'Failed to update category group' }); } }); // DELETE /api/category-groups/:id router.delete('/groups/:id', (req, res) => { const db = getDb(); const group = db.prepare('SELECT id FROM category_groups WHERE id = ? AND user_id = ?').get(req.params.id, req.user.id); if (!group) return res.status(404).json(standardizeError('Category group not found', 'NOT_FOUND', 'id')); db.prepare('DELETE FROM category_groups WHERE id = ? AND user_id = ?').run(req.params.id, req.user.id); res.json({ success: true }); }); // PATCH /api/categories/:id/spending — toggle spending_enabled without requiring name router.patch('/:id/spending', (req, res) => { const db = getDb(); const cat = db.prepare('SELECT id, spending_enabled FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL').get(req.params.id, req.user.id); if (!cat) return res.status(404).json(standardizeError('Category not found', 'NOT_FOUND', 'id')); const enabled = req.body?.spending_enabled !== undefined ? !!req.body.spending_enabled : !cat.spending_enabled; try { db.prepare("UPDATE categories SET spending_enabled=?, updated_at=datetime('now') WHERE id=? AND user_id=?") .run(enabled ? 1 : 0, req.params.id, req.user.id); res.json({ id: cat.id, spending_enabled: enabled }); } catch (err) { console.error('[categories PATCH spending]', err.message); res.status(500).json({ error: 'Failed to update category' }); } }); // DELETE /api/categories/:id router.delete('/:id', (req, res) => { const db = getDb(); const cat = db.prepare('SELECT id, name FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NULL').get(req.params.id, req.user.id); if (!cat) return res.status(404).json(standardizeError('Category not found', 'NOT_FOUND', 'id')); const deleted = db.prepare("UPDATE categories SET deleted_at = datetime('now'), updated_at = datetime('now') WHERE id = ? AND user_id = ? AND deleted_at IS NULL") .run(req.params.id, req.user.id); res.json({ success: true, deleted: deleted.changes, deleted_category_id: cat.id, deleted_category_name: cat.name, recoverable_until_days: 30, }); }); // POST /api/categories/:id/restore — undo category soft delete router.post('/:id/restore', (req, res) => { const db = getDb(); const cat = db.prepare('SELECT id, name FROM categories WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL').get(req.params.id, req.user.id); if (!cat) return res.status(404).json(standardizeError('Deleted category not found', 'NOT_FOUND', 'id')); db.prepare("UPDATE categories SET deleted_at = NULL, updated_at = datetime('now') WHERE id = ? AND user_id = ?") .run(req.params.id, req.user.id); res.json(db.prepare('SELECT * FROM categories WHERE id = ? AND user_id = ?').get(req.params.id, req.user.id)); }); module.exports = router;