first build commit

src/app/api/accounts/[id]/route.ts

@@ -0,0 +1,63 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { updateAccountSchema } from '@/lib/validations/account'
+
+type Params = { params: Promise<{ id: string }> }
+
+export async function GET(_req: Request, { params }: Params) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { id } = await params
+  const account = await prisma.account.findFirst({
+    where: { id, userId: session.user.id },
+  })
+
+  if (!account) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+  return NextResponse.json(account)
+}
+
+export async function PATCH(req: Request, { params }: Params) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { id } = await params
+  const body = await req.json()
+  const parsed = updateAccountSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  const existing = await prisma.account.findFirst({
+    where: { id, userId: session.user.id },
+  })
+  if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+
+  const account = await prisma.account.update({
+    where: { id },
+    data: parsed.data,
+  })
+
+  return NextResponse.json(account)
+}
+
+export async function DELETE(_req: Request, { params }: Params) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { id } = await params
+  const existing = await prisma.account.findFirst({
+    where: { id, userId: session.user.id },
+  })
+  if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+
+  await prisma.account.delete({ where: { id } })
+  return new NextResponse(null, { status: 204 })
+}

src/app/api/accounts/route.ts

@@ -0,0 +1,37 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { createAccountSchema } from '@/lib/validations/account'
+
+export async function GET() {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const accounts = await prisma.account.findMany({
+    where: { userId: session.user.id },
+    orderBy: { createdAt: 'asc' },
+  })
+
+  return NextResponse.json(accounts)
+}
+
+export async function POST(req: Request) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const body = await req.json()
+  const parsed = createAccountSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  const account = await prisma.account.create({
+    data: { ...parsed.data, userId: session.user.id },
+  })
+
+  return NextResponse.json(account, { status: 201 })
+}

src/app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,3 @@
+import { handlers } from '@/lib/auth'
+
+export const { GET, POST } = handlers

src/app/api/budgets/[id]/route.ts

@@ -0,0 +1,45 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { updateBudgetSchema } from '@/lib/validations/budget'
+
+type Params = { params: Promise<{ id: string }> }
+
+export async function PATCH(req: Request, { params }: Params) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { id } = await params
+  const body = await req.json()
+  const parsed = updateBudgetSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  const existing = await prisma.budget.findFirst({
+    where: { id, userId: session.user.id },
+  })
+  if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+
+  const budget = await prisma.budget.update({ where: { id }, data: parsed.data })
+  return NextResponse.json(budget)
+}
+
+export async function DELETE(_req: Request, { params }: Params) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { id } = await params
+  const existing = await prisma.budget.findFirst({
+    where: { id, userId: session.user.id },
+  })
+  if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+
+  // onDelete: SetNull in schema nulls out Transaction.budgetId automatically
+  await prisma.budget.delete({ where: { id } })
+  return new NextResponse(null, { status: 204 })
+}

src/app/api/budgets/route.ts

@@ -0,0 +1,37 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { createBudgetSchema } from '@/lib/validations/budget'
+
+export async function GET() {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const budgets = await prisma.budget.findMany({
+    where: { userId: session.user.id },
+    orderBy: { createdAt: 'asc' },
+  })
+
+  return NextResponse.json(budgets)
+}
+
+export async function POST(req: Request) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const body = await req.json()
+  const parsed = createBudgetSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  const budget = await prisma.budget.create({
+    data: { ...parsed.data, userId: session.user.id },
+  })
+
+  return NextResponse.json(budget, { status: 201 })
+}

src/app/api/dashboard/route.ts

@@ -0,0 +1,78 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { monthBounds, monthLabel } from '@/lib/utils/dates'
+
+export async function GET() {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const userId = session.user.id
+  const { start, end } = monthBounds()
+
+  const [accounts, cashFlowRows, budgets, spendRows, recentTx] = await Promise.all([
+    prisma.account.findMany({
+      where: { userId, isActive: true },
+      select: { id: true, name: true, type: true, currentBalanceCents: true },
+      orderBy: { name: 'asc' },
+    }),
+    prisma.$queryRaw<{ type: string; total: bigint }[]>`
+      SELECT t.type, COALESCE(SUM(t."amountCents"), 0)::bigint AS total
+      FROM "Transaction" t
+      JOIN "Account" a ON t."accountId" = a.id
+      WHERE a."userId" = ${userId}
+        AND a.type = 'BANK'
+        AND t.date >= ${start}
+        AND t.date <= ${end}
+      GROUP BY t.type
+    `,
+    prisma.budget.findMany({
+      where: { userId, isActive: true },
+      orderBy: { name: 'asc' },
+    }),
+    prisma.$queryRaw<{ budgetId: string; total: bigint }[]>`
+      SELECT t."budgetId", COALESCE(SUM(t."amountCents"), 0)::bigint AS total
+      FROM "Transaction" t
+      JOIN "Account" a ON t."accountId" = a.id
+      WHERE a."userId" = ${userId}
+        AND t."budgetId" IS NOT NULL
+        AND t.type = 'DEBIT'
+        AND t.date >= ${start}
+        AND t.date <= ${end}
+      GROUP BY t."budgetId"
+    `,
+    prisma.transaction.findMany({
+      where: { account: { userId } },
+      include: { account: { select: { name: true } } },
+      orderBy: { date: 'desc' },
+      take: 5,
+    }),
+  ])
+
+  const bankAccounts = accounts.filter((a) => a.type === 'BANK')
+  const netWorthCents = bankAccounts.reduce((s, a) => s + a.currentBalanceCents, 0)
+
+  const cfMap = Object.fromEntries(cashFlowRows.map((r) => [r.type, Number(r.total)]))
+  const creditsCents = cfMap['CREDIT'] ?? 0
+  const debitsCents = cfMap['DEBIT'] ?? 0
+
+  const spendMap = new Map(spendRows.map((r) => [r.budgetId, Number(r.total)]))
+
+  return NextResponse.json({
+    monthLabel: monthLabel(),
+    netWorthCents,
+    bankAccounts,
+    cashFlow: { creditsCents, debitsCents, netCents: creditsCents - debitsCents },
+    budgets: budgets.map((b) => ({ ...b, spendCents: spendMap.get(b.id) ?? 0 })),
+    recentTransactions: recentTx.map((t) => ({
+      id: t.id,
+      date: t.date.toISOString(),
+      description: t.description,
+      amountCents: t.amountCents,
+      type: t.type,
+      accountName: t.account.name,
+    })),
+  })
+}

src/app/api/health/route.ts

@@ -0,0 +1,11 @@
+import { NextResponse } from 'next/server'
+import { prisma } from '@/lib/prisma'
+
+export async function GET() {
+  try {
+    await prisma.$queryRaw`SELECT 1`
+    return NextResponse.json({ status: 'ok' })
+  } catch {
+    return NextResponse.json({ status: 'error', detail: 'database unreachable' }, { status: 503 })
+  }
+}

src/app/api/transactions/[id]/route.ts

@@ -0,0 +1,41 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { updateTransactionSchema } from '@/lib/validations/transaction'
+
+type Params = { params: Promise<{ id: string }> }
+
+export async function PATCH(req: Request, { params }: Params) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { id } = await params
+  const body = await req.json()
+  const parsed = updateTransactionSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  // Scope check via the account's userId
+  const existing = await prisma.transaction.findFirst({
+    where: { id, account: { userId: session.user.id } },
+  })
+  if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+
+  // Validate budgetId belongs to this user if provided
+  if (parsed.data.budgetId) {
+    const budget = await prisma.budget.findFirst({
+      where: { id: parsed.data.budgetId, userId: session.user.id },
+    })
+    if (!budget) return NextResponse.json({ error: 'Budget not found' }, { status: 404 })
+  }
+
+  const transaction = await prisma.transaction.update({
+    where: { id },
+    data: parsed.data,
+  })
+
+  return NextResponse.json(transaction)
+}

src/app/api/transactions/route.ts

@@ -0,0 +1,50 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { transactionQuerySchema } from '@/lib/validations/transaction'
+import { Prisma } from '@/generated/prisma/client'
+
+export async function GET(req: Request) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { searchParams } = new URL(req.url)
+  const parsed = transactionQuerySchema.safeParse(Object.fromEntries(searchParams))
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  const { accountId, dateFrom, dateTo, type, search, budgetId, page, limit } = parsed.data
+
+  const where: Prisma.TransactionWhereInput = {
+    account: { userId: session.user.id },
+    ...(accountId && { accountId }),
+    ...(type && { type }),
+    ...(budgetId !== undefined && { budgetId: budgetId || null }),
+    ...(search && { description: { contains: search, mode: 'insensitive' } }),
+    ...((dateFrom || dateTo) && {
+      date: {
+        ...(dateFrom && { gte: new Date(dateFrom) }),
+        ...(dateTo && { lte: new Date(dateTo + 'T23:59:59.999Z') }),
+      },
+    }),
+  }
+
+  const [transactions, total] = await prisma.$transaction([
+    prisma.transaction.findMany({
+      where,
+      include: {
+        account: { select: { name: true, type: true } },
+        budget: { select: { id: true, name: true, color: true } },
+      },
+      orderBy: { date: 'desc' },
+      skip: (page - 1) * limit,
+      take: limit,
+    }),
+    prisma.transaction.count({ where }),
+  ])
+
+  return NextResponse.json({ transactions, total, page, limit, totalPages: Math.ceil(total / limit) })
+}

src/app/api/upload/route.ts

@@ -0,0 +1,172 @@
+import { NextResponse } from 'next/server'
+import Papa from 'papaparse'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { detectProfile } from '@/lib/csv/bank-profiles'
+import { normalizeRows } from '@/lib/csv/normalizer'
+import { columnMappingSchema } from '@/lib/validations/upload'
+import type { NormalizerConfig } from '@/lib/csv/bank-profiles'
+
+const MAX_FILE_SIZE = 10 * 1024 * 1024 // 10 MB
+
+export async function POST(req: Request) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const formData = await req.formData()
+  const file = formData.get('file') as File | null
+  const accountId = formData.get('accountId') as string | null
+  const columnMappingRaw = formData.get('columnMapping') as string | null
+
+  if (!file || !accountId) {
+    return NextResponse.json({ error: 'file and accountId are required' }, { status: 400 })
+  }
+  if (file.size > MAX_FILE_SIZE) {
+    return NextResponse.json({ error: 'File too large (max 10 MB)' }, { status: 400 })
+  }
+  if (!file.name.toLowerCase().endsWith('.csv')) {
+    return NextResponse.json({ error: 'File must be a .csv file' }, { status: 400 })
+  }
+  const validMimes = ['text/csv', 'text/plain', 'application/vnd.ms-excel', 'application/csv', '']
+  if (file.type && !validMimes.includes(file.type)) {
+    return NextResponse.json({ error: 'Invalid file type' }, { status: 400 })
+  }
+
+  const account = await prisma.account.findFirst({
+    where: { id: accountId, userId: session.user.id },
+  })
+  if (!account) {
+    return NextResponse.json({ error: 'Account not found' }, { status: 404 })
+  }
+
+  const content = await file.text()
+
+  // Parse all rows once — used for both detection and normalization
+  const parsed = Papa.parse<Record<string, string>>(content, {
+    header: true,
+    skipEmptyLines: true,
+    transformHeader: (h) => h.trim(),
+  })
+  const headers = (parsed.meta.fields ?? []).map((h) => h.trim())
+  const allRows = parsed.data
+
+  // Detect profile or use provided manual mapping
+  const detected = detectProfile(headers)
+
+  if (!detected && !columnMappingRaw) {
+    return NextResponse.json({
+      requiresMapping: true,
+      headers,
+      sampleRows: allRows.slice(0, 5),
+    })
+  }
+
+  let config: NormalizerConfig
+  if (detected && !columnMappingRaw) {
+    config = detected
+  } else {
+    const result = columnMappingSchema.safeParse(JSON.parse(columnMappingRaw!))
+    if (!result.success) {
+      return NextResponse.json({ error: result.error.flatten() }, { status: 400 })
+    }
+    config = result.data
+  }
+
+  const normalized = normalizeRows(allRows, accountId, config)
+
+  const upload = await prisma.csvUpload.create({
+    data: {
+      accountId,
+      fileName: file.name,
+      rowCount: allRows.length,
+      importedCount: 0,
+      skippedCount: 0,
+      status: 'PENDING',
+    },
+  })
+
+  try {
+    const { count: importedCount } = await prisma.transaction.createMany({
+      data: normalized.map((r) => ({
+        accountId,
+        uploadId: upload.id,
+        date: r.date,
+        description: r.description,
+        amountCents: r.amountCents,
+        type: r.type,
+        dedupeHash: r.dedupeHash,
+      })),
+      skipDuplicates: true,
+    })
+    const skippedCount = normalized.length - importedCount
+
+    // Recompute current balance
+    const [balRow] = await prisma.$queryRaw<[{ balance: bigint }]>`
+      SELECT COALESCE(SUM(
+        CASE WHEN type = 'CREDIT' THEN "amountCents" ELSE -"amountCents" END
+      ), 0)::bigint AS balance
+      FROM "Transaction"
+      WHERE "accountId" = ${accountId}
+    `
+    await prisma.account.update({
+      where: { id: accountId },
+      data: { currentBalanceCents: Number(balRow.balance) },
+    })
+
+    // Upsert balance snapshots for each affected month
+    const months = [
+      ...new Map(
+        normalized.map((r) => {
+          const y = r.date.getFullYear()
+          const m = r.date.getMonth() + 1
+          return [`${y}-${m}`, { year: y, month: m }]
+        }),
+      ).values(),
+    ]
+    for (const { year, month } of months) {
+      const endOfMonth = new Date(year, month, 0, 23, 59, 59, 999)
+      const [snap] = await prisma.$queryRaw<[{ balance: bigint }]>`
+        SELECT COALESCE(SUM(
+          CASE WHEN type = 'CREDIT' THEN "amountCents" ELSE -"amountCents" END
+        ), 0)::bigint AS balance
+        FROM "Transaction"
+        WHERE "accountId" = ${accountId}
+        AND date <= ${endOfMonth}
+      `
+      await prisma.balanceSnapshot.upsert({
+        where: { accountId_year_month: { accountId, year, month } },
+        update: { balanceCents: Number(snap.balance), computedAt: new Date() },
+        create: { accountId, year, month, balanceCents: Number(snap.balance) },
+      })
+    }
+
+    const status =
+      importedCount === 0 ? 'FAILED'
+      : skippedCount > 0 ? 'PARTIAL'
+      : 'SUCCESS'
+
+    await prisma.csvUpload.update({
+      where: { id: upload.id },
+      data: { importedCount, skippedCount, status },
+    })
+
+    return NextResponse.json({
+      success: true,
+      detected: detected?.name,
+      importedCount,
+      skippedCount,
+      fileName: file.name,
+    })
+  } catch (err) {
+    await prisma.csvUpload.update({
+      where: { id: upload.id },
+      data: {
+        status: 'FAILED',
+        errorMessage: err instanceof Error ? err.message : 'Unknown error',
+      },
+    })
+    return NextResponse.json({ error: 'Import failed' }, { status: 500 })
+  }
+}