first build commit

2026-04-19 00:44:43 -04:00
parent bc271b7ce1
commit 55debd082b
82 changed files with 6217 additions and 97 deletions
--- a/src/app/api/transactions/[id]/route.ts
+++ b/src/app/api/transactions/[id]/route.ts
@@ -0,0 +1,41 @@
+import { NextResponse } from 'next/server'
+import { auth } from '@/lib/auth'
+import { prisma } from '@/lib/prisma'
+import { updateTransactionSchema } from '@/lib/validations/transaction'
+
+type Params = { params: Promise<{ id: string }> }
+
+export async function PATCH(req: Request, { params }: Params) {
+  const session = await auth()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const { id } = await params
+  const body = await req.json()
+  const parsed = updateTransactionSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  // Scope check via the account's userId
+  const existing = await prisma.transaction.findFirst({
+    where: { id, account: { userId: session.user.id } },
+  })
+  if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+
+  // Validate budgetId belongs to this user if provided
+  if (parsed.data.budgetId) {
+    const budget = await prisma.budget.findFirst({
+      where: { id: parsed.data.budgetId, userId: session.user.id },
+    })
+    if (!budget) return NextResponse.json({ error: 'Budget not found' }, { status: 404 })
+  }
+
+  const transaction = await prisma.transaction.update({
+    where: { id },
+    data: parsed.data,
+  })
+
+  return NextResponse.json(transaction)
+}