Update .github/workflows/deploy-prod.yaml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

.github/workflows/deploy-prod.yaml

@@ -92,6 +92,13 @@ jobs:
           CSAS_CLIENT_ID: ${{ secrets.CSAS_CLIENT_ID }}
           CSAS_CLIENT_SECRET: ${{ secrets.CSAS_CLIENT_SECRET }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          SMTP_HOST: ${{ secrets.SMTP_HOST }}
+          SMTP_PORT: ${{ secrets.SMTP_PORT }}
+          SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }}
+          SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
+          SMTP_USE_TLS: ${{ secrets.SMTP_USE_TLS }}
+          SMTP_USE_SSL: ${{ secrets.SMTP_USE_SSL }}
+          SMTP_FROM: ${{ secrets.SMTP_FROM }}
         run: |
           helm upgrade --install myapp ./7project/charts/myapp-chart \
             -n prod --create-namespace \
@@ -111,4 +118,11 @@ jobs:
             --set-string oauth.csas.clientId="$CSAS_CLIENT_ID" \
             --set-string oauth.csas.clientSecret="$CSAS_CLIENT_SECRET" \
             --set-string sentry_dsn="$SENTRY_DSN" \
-            --set-string database.encryptionSecret="${{ secrets.PROD_DB_ENCRYPTION_KEY }}"
+            --set-string database.encryptionSecret="${{ secrets.PROD_DB_ENCRYPTION_KEY }}" \
+            --set-string smtp.host="$SMTP_HOST" \
+            --set smtp.port="$SMTP_PORT" \
+            --set-string smtp.username="$SMTP_USERNAME" \
+            --set-string smtp.password="$SMTP_PASSWORD" \
+            --set-string smtp.tls="$SMTP_USE_TLS" \
+            --set-string smtp.ssl="$SMTP_USE_SSL" \
+            --set-string smtp.from="$SMTP_FROM"

7project/backend/app/app.py

@@ -1,14 +1,17 @@
+import json
 import logging
 import os
 import sys
 from datetime import datetime
 from pythonjsonlogger import jsonlogger
 
-from fastapi import Depends, FastAPI
+from fastapi import Depends, FastAPI, HTTPException
 from fastapi.middleware.cors import CORSMiddleware
 from prometheus_fastapi_instrumentator import Instrumentator, metrics
 from starlette.requests import Request
 
+from app.services.prometheus import number_of_users, number_of_transactions
+
 from app.services import bank_scraper
 from app.workers.celery_tasks import load_transactions, load_all_transactions
 from app.models.user import User, OAuthAccount
@@ -50,6 +53,9 @@ fastApi.add_middleware(
 
 prometheus = Instrumentator().instrument(fastApi)
 
+# Register custom metrics
+prometheus.add(number_of_users()).add(number_of_transactions())
+
 prometheus.expose(
     fastApi,
     endpoint="/metrics",
@@ -60,7 +66,6 @@ fastApi.include_router(auth_router)
 fastApi.include_router(categories_router)
 fastApi.include_router(transactions_router)
 
-
 for h in list(logging.root.handlers):
     logging.root.removeHandler(h)
 
@@ -73,7 +78,6 @@ _log_handler.setFormatter(_formatter)
 logging.root.setLevel(logging.INFO)
 logging.root.addHandler(_log_handler)
 
-
 for _name in ("uvicorn", "uvicorn.error", "uvicorn.access"):
     _logger = logging.getLogger(_name)
     _logger.handlers = [_log_handler]
@@ -156,16 +160,12 @@ async def authenticated_route(user: User = Depends(current_active_verified_user)
     return {"message": f"Hello {user.email}!"}
 
 
-@fastApi.get("/debug/scrape/csas/all", tags=["debug"])
-async def debug_scrape_csas_all():
-    logging.info("[Debug] Queueing CSAS scrape for all users via HTTP endpoint (Celery)")
+@fastApi.get("/_cron", include_in_schema=False)
+async def handle_cron(request: Request):
+    # endpoint accessed by Clodflare => return 404
+    if request.headers.get("cf-connecting-ip"):
+        raise HTTPException(status_code=404)
+
+    logging.info("[Cron] Triggering scheduled tasks via HTTP endpoint")
     task = load_all_transactions.delay()
     return {"status": "queued", "action": "csas_scrape_all", "task_id": getattr(task, 'id', None)}
-
-
-@fastApi.post("/debug/scrape/csas/{user_id}", tags=["debug"])
-async def debug_scrape_csas_user(user_id: str, user: User = Depends(current_active_verified_user)):
-    logging.info("[Debug] Queueing CSAS scrape for single user via HTTP endpoint (Celery) | user_id=%s", user_id)
-    task = load_transactions.delay(user_id)
-    return {"status": "queued", "action": "csas_scrape_single", "user_id": user_id,
-            "task_id": getattr(task, 'id', None)}

7project/backend/app/services/prometheus.py

@@ -0,0 +1,48 @@
+from typing import Callable
+from prometheus_fastapi_instrumentator.metrics import Info
+from prometheus_client import Gauge
+from sqlalchemy import select, func
+
+from app.core.db import async_session_maker
+from app.models.transaction import Transaction
+from app.models.user import User
+
+
+def number_of_users() -> Callable[[Info], None]:
+    METRIC = Gauge(
+        "number_of_users_total",
+        "Number of registered users.",
+        labelnames=("users",)
+    )
+
+    async def instrumentation(info: Info) -> None:
+        try:
+            async with async_session_maker() as session:
+                result = await session.execute(select(func.count(User.id)))
+                user_count = result.scalar_one() or 0
+        except Exception:
+            # In case of DB errors, avoid crashing metrics endpoint
+            user_count = 0
+        METRIC.labels(users="total").set(user_count)
+
+    return instrumentation
+
+
+def number_of_transactions() -> Callable[[Info], None]:
+    METRIC = Gauge(
+        "number_of_transactions_total",
+        "Number of transactions stored.",
+        labelnames=("transactions",)
+    )
+
+    async def instrumentation(info: Info) -> None:
+        try:
+            async with async_session_maker() as session:
+                result = await session.execute(select(func.count()).select_from(Transaction))
+                transaction_count = result.scalar_one() or 0
+        except Exception:
+            # In case of DB errors, avoid crashing metrics endpoint
+            transaction_count = 0
+        METRIC.labels(transactions="total").set(transaction_count)
+
+    return instrumentation

7project/backend/app/workers/celery_tasks.py

@@ -1,5 +1,8 @@
 import logging
 import asyncio
+import os
+import smtplib
+from email.message import EmailMessage
 
 from celery import shared_task
 
@@ -84,8 +87,45 @@ def send_email(to: str, subject: str, body: str) -> None:
         logger.error("Email task missing fields. to=%r subject=%r body_len=%r", to, subject, len(body) if body else 0)
         return
 
-    # Placeholder for real email sending logic
+    host = os.getenv("SMTP_HOST")
+    if not host:
+        logger.error("SMTP_HOST is not configured; cannot send email")
+        return
+
+    # Configuration
+    port = int(os.getenv("SMTP_PORT", "25"))
+    username = os.getenv("SMTP_USERNAME")
+    password = os.getenv("SMTP_PASSWORD")
+    use_tls = os.getenv("SMTP_USE_TLS", "0").lower() in {"1", "true", "yes"}
+    use_ssl = os.getenv("SMTP_USE_SSL", "0").lower() in {"1", "true", "yes"}
+    timeout = int(os.getenv("SMTP_TIMEOUT", "10"))
+    mail_from = os.getenv("SMTP_FROM") or username or "noreply@localhost"
+
+    # Build message
+    msg = EmailMessage()
+    msg["To"] = to
+    msg["From"] = mail_from
+    msg["Subject"] = subject
+    msg.set_content(body)
+
+    try:
+        if use_ssl:
+            with smtplib.SMTP_SSL(host=host, port=port, timeout=timeout) as smtp:
+                if username and password:
+                    smtp.login(username, password)
+                smtp.send_message(msg)
+        else:
+            with smtplib.SMTP(host=host, port=port, timeout=timeout) as smtp:
+                # STARTTLS if requested
+                if use_tls:
+                    smtp.starttls()
+                if username and password:
+                    smtp.login(username, password)
+                smtp.send_message(msg)
         logger.info("[Celery] Email sent | to=%s | subject=%s | body_len=%d", to, subject, len(body))
+    except Exception:
+        logger.exception("Failed to send email via SMTP to=%s subject=%s host=%s port=%s tls=%s ssl=%s", to, subject,
+                         host, port, use_tls, use_ssl)
 
 
 @shared_task(name="workers.load_transactions")

7project/backend/tests/test_e2e.py

@@ -0,0 +1,210 @@
+import pytest
+import uuid
+from httpx import AsyncClient, ASGITransport
+from fastapi import status
+
+
+def test_e2e(client):
+    # 1) Service is alive
+    alive = client.get("/")
+    assert alive.status_code == status.HTTP_200_OK
+
+    # 2) Attempt to login without payload should fail fast (validation error)
+    login = client.post("/auth/jwt/login")
+    assert login.status_code in (status.HTTP_400_BAD_REQUEST, status.HTTP_422_UNPROCESSABLE_CONTENT)
+
+    # 3) Protected endpoint should not be accessible without token
+    me = client.get("/users/me")
+    assert me.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN)
+
+
+@pytest.mark.asyncio
+async def test_e2e_full_user_lifecycle(fastapi_app, test_user):
+    # Use an AsyncClient with ASGITransport for async tests
+    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        login_payload = test_user
+
+        # 1. Log in with the new credentials
+        login_resp = await ac.post("/auth/jwt/login", data=login_payload)
+        assert login_resp.status_code == status.HTTP_200_OK
+        token = login_resp.json()["access_token"]
+        headers = {"Authorization": f"Bearer {token}"}
+
+        # 2. Access a protected endpoint
+        me_resp = await ac.get("/users/me", headers=headers)
+        assert me_resp.status_code == status.HTTP_200_OK
+        assert me_resp.json()["email"] == test_user["username"]
+
+        # 3. Update the user's profile
+        update_payload = {"first_name": "Test"}
+        patch_resp = await ac.patch("/users/me", json=update_payload, headers=headers)
+        assert patch_resp.status_code == status.HTTP_200_OK
+        assert patch_resp.json()["first_name"] == "Test"
+
+        # 4. Log out
+        logout_resp = await ac.post("/auth/jwt/logout", headers=headers)
+        assert logout_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
+
+        # 5. Verify token is invalid
+        me_again_resp = await ac.get("/users/me", headers=headers)
+        assert me_again_resp.status_code == status.HTTP_401_UNAUTHORIZED
+
+
+@pytest.mark.asyncio
+async def test_e2e_transaction_workflow(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        # 1. Log in to get the token
+        login_resp = await ac.post("/auth/jwt/login", data=test_user)
+        token = login_resp.json()["access_token"]
+        headers = {"Authorization": f"Bearer {token}"}
+
+        # NEW STEP: Create a category first to get a valid ID
+        category_payload = {"name": "Test Category for E2E"}
+        create_category_resp = await ac.post("/categories/create", json=category_payload, headers=headers)
+        assert create_category_resp.status_code == status.HTTP_201_CREATED
+        category_id = create_category_resp.json()["id"]
+
+        # 2. Create a new transaction
+        tx_payload = {"amount": -55.40, "description": "Milk and eggs"}
+        tx_resp = await ac.post("/transactions/create", json=tx_payload, headers=headers)
+        assert tx_resp.status_code == status.HTTP_201_CREATED
+        tx_id = tx_resp.json()["id"]
+
+        # 3. Assign the category
+        assign_resp = await ac.post(f"/transactions/{tx_id}/categories/{category_id}", headers=headers)
+        assert assign_resp.status_code == status.HTTP_200_OK
+
+        # 4. Verify assignment
+        get_tx_resp = await ac.get(f"/transactions/{tx_id}", headers=headers)
+        assert category_id in get_tx_resp.json()["category_ids"]
+
+        # 5. Unassign the category
+        unassign_resp = await ac.delete(f"/transactions/{tx_id}/categories/{category_id}", headers=headers)
+        assert unassign_resp.status_code == status.HTTP_200_OK
+
+        # 6. Get the transaction again and verify the category is gone
+        get_tx_again_resp = await ac.get(f"/transactions/{tx_id}", headers=headers)
+        final_tx_data = get_tx_again_resp.json()
+        assert category_id not in final_tx_data["category_ids"]
+
+        # 7. Delete the transaction for cleanup
+        delete_resp = await ac.delete(f"/transactions/{tx_id}/delete", headers=headers)
+        assert delete_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
+
+        # NEW STEP: Clean up the created category
+        delete_category_resp = await ac.delete(f"/categories/{category_id}", headers=headers)
+        assert delete_category_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
+
+@pytest.mark.asyncio
+async def test_register_then_login_and_fetch_me(fastapi_app):
+    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        # Use unique email to avoid duplicates across runs
+        suffix = uuid.uuid4().hex[:8]
+        email = f"newuser_{suffix}@example.com"
+        password = "StrongPassw0rd!"
+
+        reg = await ac.post("/auth/register", json={"email": email, "password": password})
+        assert reg.status_code in (status.HTTP_201_CREATED, status.HTTP_200_OK)
+
+        login = await ac.post("/auth/jwt/login", data={"username": email, "password": password})
+        assert login.status_code == status.HTTP_200_OK
+        token = login.json()["access_token"]
+        headers = {"Authorization": f"Bearer {token}"}
+        try:
+            me = await ac.get("/users/me", headers=headers)
+            assert me.status_code == status.HTTP_200_OK
+            assert me.json()["email"] == email
+        finally:
+            # Cleanup: delete the created user so future runs won’t conflict
+            d = await ac.delete("/users/me", headers=headers)
+            assert d.status_code == status.HTTP_204_NO_CONTENT
+
+
+@pytest.mark.asyncio
+async def test_delete_current_user_revokes_access(fastapi_app):
+    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        email = "todelete@example.com"
+        password = "Passw0rd!"
+        reg = await ac.post("/auth/register", json={"email": email, "password": password})
+        assert reg.status_code in (status.HTTP_200_OK, status.HTTP_201_CREATED)
+
+        login = await ac.post("/auth/jwt/login", data={"username": email, "password": password})
+        token = login.json()["access_token"]
+        headers = {"Authorization": f"Bearer {token}"}
+
+        # Delete self
+        d = await ac.delete("/users/me", headers=headers)
+        assert d.status_code == status.HTTP_204_NO_CONTENT
+
+        # Access should now fail
+        me = await ac.get("/users/me", headers=headers)
+        assert me.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN)
+
+
+@pytest.mark.asyncio
+async def test_update_category_conflict_and_404(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        token = (await ac.post("/auth/jwt/login", data=test_user)).json()["access_token"]
+        h = {"Authorization": f"Bearer {token}"}
+
+        a = (await ac.post("/categories/create", json={"name": "A"}, headers=h)).json()
+        b = (await ac.post("/categories/create", json={"name": "B"}, headers=h)).json()
+
+        # Attempt to rename A -> B should conflict
+        conflict = await ac.patch(f"/categories/{a['id']}", json={"name": "B"}, headers=h)
+        assert conflict.status_code == status.HTTP_409_CONFLICT
+
+        # Update non-existent
+        missing = await ac.patch("/categories/999999", json={"name": "Z"}, headers=h)
+        assert missing.status_code == status.HTTP_404_NOT_FOUND
+
+@pytest.mark.asyncio
+async def test_category_cross_user_isolation(fastapi_app):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        # Generate unique emails for both users
+        sfx = uuid.uuid4().hex[:8]
+        u1 = {"email": f"u1_{sfx}@example.com", "password": "Aaaaaa1!"}
+        u2 = {"email": f"u2_{sfx}@example.com", "password": "Aaaaaa1!"}
+
+        # user1
+        assert (await ac.post("/auth/register", json=u1)).status_code in (200, 201)
+        t1 = (await ac.post("/auth/jwt/login", data={"username": u1["email"], "password": u1["password"]})).json()["access_token"]
+        h1 = {"Authorization": f"Bearer {t1}"}
+
+        # user1 creates a category
+        c = (await ac.post("/categories/create", json={"name": "Private"}, headers=h1)).json()
+        cat_id = c["id"]
+
+        # user2
+        assert (await ac.post("/auth/register", json=u2)).status_code in (200, 201)
+        t2 = (await ac.post("/auth/jwt/login", data={"username": u2["email"], "password": u2["password"]})).json()["access_token"]
+        h2 = {"Authorization": f"Bearer {t2}"}
+
+        try:
+            # user2 cannot read/delete user1's category
+            g = await ac.get(f"/categories/{cat_id}", headers=h2)
+            assert g.status_code == status.HTTP_404_NOT_FOUND
+            d = await ac.delete(f"/categories/{cat_id}", headers=h2)
+            assert d.status_code == status.HTTP_404_NOT_FOUND
+        finally:
+            # Cleanup: remove the created category as its owner
+            try:
+                _ = await ac.delete(f"/categories/{cat_id}", headers=h1)
+            except Exception:
+                pass
+            # Cleanup: delete both users to avoid email conflicts later
+            try:
+                _ = await ac.delete("/users/me", headers=h1)
+            except Exception:
+                pass
+            try:
+                _ = await ac.delete("/users/me", headers=h2)
+            except Exception:
+                pass
+

7project/backend/tests/test_e2e_auth_flow.py

@@ -1,98 +0,0 @@
-import pytest
-import uuid
-from httpx import AsyncClient, ASGITransport
-from fastapi import status
-
-
-def test_e2e_minimal_auth_flow(client):
-    # 1) Service is alive
-    alive = client.get("/")
-    assert alive.status_code == status.HTTP_200_OK
-
-    # 2) Attempt to login without payload should fail fast (validation error)
-    login = client.post("/auth/jwt/login")
-    assert login.status_code in (status.HTTP_400_BAD_REQUEST, status.HTTP_422_UNPROCESSABLE_CONTENT)
-
-    # 3) Protected endpoint should not be accessible without token
-    me = client.get("/users/me")
-    assert me.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN)
-
-
-@pytest.mark.asyncio
-async def test_e2e_full_user_lifecycle(fastapi_app, test_user):
-    # Use an AsyncClient with ASGITransport for async tests
-    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
-    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
-        login_payload = test_user
-
-        # 1. Log in with the new credentials
-        login_resp = await ac.post("/auth/jwt/login", data=login_payload)
-        assert login_resp.status_code == status.HTTP_200_OK
-        token = login_resp.json()["access_token"]
-        headers = {"Authorization": f"Bearer {token}"}
-
-        # 2. Access a protected endpoint
-        me_resp = await ac.get("/users/me", headers=headers)
-        assert me_resp.status_code == status.HTTP_200_OK
-        assert me_resp.json()["email"] == test_user["username"]
-
-        # 3. Update the user's profile
-        update_payload = {"first_name": "Test"}
-        patch_resp = await ac.patch("/users/me", json=update_payload, headers=headers)
-        assert patch_resp.status_code == status.HTTP_200_OK
-        assert patch_resp.json()["first_name"] == "Test"
-
-        # 4. Log out
-        logout_resp = await ac.post("/auth/jwt/logout", headers=headers)
-        assert logout_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
-
-        # 5. Verify token is invalid
-        me_again_resp = await ac.get("/users/me", headers=headers)
-        assert me_again_resp.status_code == status.HTTP_401_UNAUTHORIZED
-
-
-@pytest.mark.asyncio
-async def test_e2e_transaction_workflow(fastapi_app, test_user):
-    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
-    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
-        # 1. Log in to get the token
-        login_resp = await ac.post("/auth/jwt/login", data=test_user)
-        token = login_resp.json()["access_token"]
-        headers = {"Authorization": f"Bearer {token}"}
-
-        # NEW STEP: Create a category first to get a valid ID
-        category_payload = {"name": "Test Category for E2E"}
-        create_category_resp = await ac.post("/categories/create", json=category_payload, headers=headers)
-        assert create_category_resp.status_code == status.HTTP_201_CREATED
-        category_id = create_category_resp.json()["id"]
-
-        # 2. Create a new transaction
-        tx_payload = {"amount": -55.40, "description": "Milk and eggs"}
-        tx_resp = await ac.post("/transactions/create", json=tx_payload, headers=headers)
-        assert tx_resp.status_code == status.HTTP_201_CREATED
-        tx_id = tx_resp.json()["id"]
-
-        # 3. Assign the category
-        assign_resp = await ac.post(f"/transactions/{tx_id}/categories/{category_id}", headers=headers)
-        assert assign_resp.status_code == status.HTTP_200_OK
-
-        # 4. Verify assignment
-        get_tx_resp = await ac.get(f"/transactions/{tx_id}", headers=headers)
-        assert category_id in get_tx_resp.json()["category_ids"]
-
-        # 5. Unassign the category
-        unassign_resp = await ac.delete(f"/transactions/{tx_id}/categories/{category_id}", headers=headers)
-        assert unassign_resp.status_code == status.HTTP_200_OK
-
-        # 6. Get the transaction again and verify the category is gone
-        get_tx_again_resp = await ac.get(f"/transactions/{tx_id}", headers=headers)
-        final_tx_data = get_tx_again_resp.json()
-        assert category_id not in final_tx_data["category_ids"]
-
-        # 7. Delete the transaction for cleanup
-        delete_resp = await ac.delete(f"/transactions/{tx_id}/delete", headers=headers)
-        assert delete_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
-
-        # NEW STEP: Clean up the created category
-        delete_category_resp = await ac.delete(f"/categories/{category_id}", headers=headers)
-        assert delete_category_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)

7project/backend/tests/test_integration_app.py

@@ -63,4 +63,108 @@ async def test_create_transaction_missing_amount_fails(fastapi_app, test_user):
         resp = await ac.post("/transactions/create", json=invalid_payload, headers=headers)
 
         # 4. Assert the expected validation error
-        assert resp.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY
+        assert resp.status_code == status.HTTP_422_UNPROCESSABLE_CONTENT
+
+
+@pytest.mark.asyncio
+async def test_login_invalid_credentials(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        bad = await ac.post("/auth/jwt/login", data={"username": test_user["username"], "password": "nope"})
+        assert bad.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_400_BAD_REQUEST)
+        unknown = await ac.post("/auth/jwt/login", data={"username": "nouser@example.com", "password": "x"})
+        assert unknown.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_400_BAD_REQUEST)
+
+
+@pytest.mark.asyncio
+async def test_category_duplicate_name_conflict(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        token = (await ac.post("/auth/jwt/login", data=test_user)).json()["access_token"]
+        h = {"Authorization": f"Bearer {token}"}
+
+        p = {"name": "Food"}
+        r1 = await ac.post("/categories/create", json=p, headers=h)
+        assert r1.status_code == status.HTTP_201_CREATED
+        r2 = await ac.post("/categories/create", json=p, headers=h)
+        assert r2.status_code == status.HTTP_409_CONFLICT
+
+@pytest.mark.asyncio
+async def test_create_transaction_invalid_date_format(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        token = (await ac.post("/auth/jwt/login", data=test_user)).json()["access_token"]
+        h = {"Authorization": f"Bearer {token}"}
+        bad = await ac.post("/transactions/create", json={"amount": 10, "description": "x", "date": "31-12-2024"}, headers=h)
+        assert bad.status_code == status.HTTP_400_BAD_REQUEST
+
+@pytest.mark.asyncio
+async def test_update_transaction_rejects_duplicate_category_ids(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        token = (await ac.post("/auth/jwt/login", data=test_user)).json()["access_token"]
+        h = {"Authorization": f"Bearer {token}"}
+        tx = (await ac.post("/transactions/create", json={"amount": 5, "description": "x"}, headers=h)).json()
+        dup = await ac.patch(f"/transactions/{tx['id']}/edit", json={"category_ids": [1, 1]}, headers=h)
+        assert dup.status_code == status.HTTP_400_BAD_REQUEST
+
+@pytest.mark.asyncio
+async def test_assign_unassign_category_not_found_cases(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        token = (await ac.post("/auth/jwt/login", data=test_user)).json()["access_token"]
+        h = {"Authorization": f"Bearer {token}"}
+
+        # Create tx and category
+        tx = (await ac.post("/transactions/create", json={"amount": 1, "description": "a"}, headers=h)).json()
+        cat = (await ac.post("/categories/create", json={"name": "X"}, headers=h)).json()
+
+        # Missing transaction
+        r1 = await ac.post(f"/transactions/999999/categories/{cat['id']}", headers=h)
+        assert r1.status_code == status.HTTP_404_NOT_FOUND
+
+        # Missing category
+        r2 = await ac.post(f"/transactions/{tx['id']}/categories/999999", headers=h)
+        assert r2.status_code == status.HTTP_404_NOT_FOUND
+
+@pytest.mark.asyncio
+async def test_transactions_date_filter_and_balance_series(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        token = (await ac.post("/auth/jwt/login", data=test_user)).json()["access_token"]
+        h = {"Authorization": f"Bearer {token}"}
+
+        # Seed transactions spanning days
+        data = [
+            {"amount": 100, "description": "day1", "date": "2024-01-01"},
+            {"amount": -25, "description": "day2", "date": "2024-01-02"},
+            {"amount": 50, "description": "day3", "date": "2024-01-03"},
+        ]
+        for p in data:
+            r = await ac.post("/transactions/create", json=p, headers=h)
+            assert r.status_code == status.HTTP_201_CREATED
+
+        # Filtered list (2nd and 3rd only)
+        lst = await ac.get("/transactions/", params={"start_date": "2024-01-02", "end_date": "2024-01-03"}, headers=h)
+        assert lst.status_code == status.HTTP_200_OK
+        assert len(lst.json()) == 2
+
+        # Balance series should be cumulative per date
+        series = await ac.get("/transactions/balance_series", headers=h)
+        assert series.status_code == status.HTTP_200_OK
+        s = series.json()
+        assert s == [
+            {"date": "2024-01-01", "balance": 100.0},
+            {"date": "2024-01-02", "balance": 75.0},
+            {"date": "2024-01-03", "balance": 125.0},
+        ]
+
+@pytest.mark.asyncio
+async def test_delete_transaction_not_found(fastapi_app, test_user):
+    transport = ASGITransport(app=fastapi_app)
+    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
+        token = (await ac.post("/auth/jwt/login", data=test_user)).json()["access_token"]
+        h = {"Authorization": f"Bearer {token}"}
+        r = await ac.delete("/transactions/999999/delete", headers=h)
+        assert r.status_code == status.HTTP_404_NOT_FOUND
+

7project/charts/myapp-chart/templates/cron.yaml

@@ -0,0 +1,25 @@
+{{- if .Values.cron.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: cronjob
+spec:
+  schedule: {{ .Values.cron.schedule | quote }}
+  concurrencyPolicy: {{ .Values.cron.concurrencyPolicy | quote }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: cronjob
+              image: curlimages/curl:latest
+              imagePullPolicy: IfNotPresent
+              args:
+                - -sS
+                - -o
+                - /dev/null
+                - -w
+                - "%{http_code}"
+                - {{ printf "%s://%s.%s.svc.cluster.local%s" .Values.cron.scheme .Values.app.name .Release.Namespace .Values.cron.endpoint | quote }}
+          restartPolicy: OnFailure
+{{- end }}

7project/charts/myapp-chart/templates/prod.yaml

@@ -19,3 +19,10 @@ stringData:
   RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }}
   SENTRY_DSN: {{ .Values.sentry_dsn | quote }}
   DB_ENCRYPTION_KEY: {{ required "Set .Values.database.encryptionSecret" .Values.database.encryptionSecret | quote }}
+  SMTP_HOST: {{ .Values.smtp.host | default "" | quote }}
+  SMTP_PORT: {{ .Values.smtp.port | default 587 | quote }}
+  SMTP_USERNAME: {{ .Values.smtp.username | default "" | quote }}
+  SMTP_PASSWORD: {{ .Values.smtp.password | default "" | quote }}
+  SMTP_USE_TLS: {{ .Values.smtp.tls | default false | quote }}
+  SMTP_USE_SSL: {{ .Values.smtp.ssl | default false | quote }}
+  SMTP_FROM: {{ .Values.smtp.from | default "" | quote }}

7project/charts/myapp-chart/templates/worker-deployment.yaml

@@ -85,3 +85,38 @@ spec:
                 secretKeyRef:
                   name: prod
                   key: DB_ENCRYPTION_KEY
+            - name: SMTP_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: SMTP_HOST
+            - name: SMTP_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: SMTP_PORT
+            - name: SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: SMTP_USERNAME
+            - name: SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: SMTP_PASSWORD
+            - name: SMTP_USE_TLS
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: SMTP_USE_TLS
+            - name: SMTP_USE_SSL
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: SMTP_USE_SSL
+            - name: SMTP_FROM
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: SMTP_FROM

7project/charts/myapp-chart/values-prod.yaml

@@ -5,3 +5,6 @@ app:
 
 worker:
   replicas: 3
+
+cron:
+  enabled: true

7project/charts/myapp-chart/values.yaml

@@ -35,6 +35,23 @@ worker:
   # Queue name for Celery worker and for CRD Queue
   mailQueueName: "mail_queue"
 
+cron:
+  enabled: false
+  schedule: "*/5 * * * *" # every 5 minutes
+  scheme: "http"
+  endpoint: "/_cron"
+  concurrencyPolicy: "Forbid"
+
+smtp:
+  host:
+  port: 587
+  username: ""
+  password: ""
+  tls: false
+  ssl: false
+  from: ""
+
+
 
 service:
   port: 80

7project/frontend/src/config.ts

@@ -1,2 +1,5 @@
 export const BACKEND_URL: string =
   import.meta.env.VITE_BACKEND_URL ?? '';
+
+export const VITE_UNIRATE_API_KEY: string =
+  import.meta.env.VITE_UNIRATE_API_KEY ?? 'wYXMiA0bz8AVRHtiS9hbKIr4VP3k5Qff8XnQdKQM45YM3IwFWP6y73r3KMkv1590';

7project/frontend/src/pages/Dashboard.tsx

@@ -6,7 +6,7 @@ import BalanceChart from './BalanceChart';
 import ManualManagement from './ManualManagement';
 import CategoryPieChart from './CategoryPieChart';
 import MockBankModal, { type MockGenerationOptions } from './MockBankModal';
-import { BACKEND_URL } from '../config';
+import { BACKEND_URL, VITE_UNIRATE_API_KEY } from '../config';
 
 function formatAmount(n: number) {
   return new Intl.NumberFormat(undefined, { minimumFractionDigits: 2, maximumFractionDigits: 2 }).format(n);
@@ -45,7 +45,7 @@ function CurrencyRates() {
       setLoading(true);
       setError(null);
 
-      const API_KEY = import.meta.env.VITE_UNIRATE_API_KEY;
+      const API_KEY = VITE_UNIRATE_API_KEY;
 
       // We need to get the CZK rate as well, to use it for conversion
       const allSymbols = [...TARGET_CURRENCIES, 'CZK'].join(',');
@@ -355,7 +355,7 @@ export default function Dashboard({ onLogout }: { onLogout: () => void }) {
     <div className={`app-layout ${sidebarOpen ? 'sidebar-open' : ''}`}>
       <aside className="sidebar" style={{ display: 'flex', flexDirection: 'column' }}>
         <div>
-          <div className="logo">7Project</div>
+          <div className="logo">Finance Tracker</div>
           <nav className="nav" onClick={() => setSidebarOpen(false)}>
             <button className={current === 'home' ? 'active' : ''} onClick={() => setCurrent('home')}>Home</button>
             <button className={current === 'manual' ? 'active' : ''} onClick={() => setCurrent('manual')}>Manual management</button>

7project/meetings/2025-10-30-meeting.md

@@ -43,8 +43,8 @@ The tracker should not store the transactions in the database - security vulnera
 
 Last 3 minutes of the meeting, summarize action items.
 
-- [ ] Change the name on frontend from 7project
-- [ ] Finalize the funcionality and everyting in the code part
+- [x] Change the name on frontend from 7project
+- [x] Finalize the funcionality and everyting in the code part
 - [ ] Try to finalize report with focus on reproducibility
 - [ ] More high level explanation of the workflow in the report
 

7project/meetings/2025-11-6-meeting.md

@@ -0,0 +1,47 @@
+# Weekly Meeting Notes
+
+- Group 8 - Personal finance tracker
+- Mentor: Jaychander
+
+Keep all meeting notes in the `meetings.md` file in your project folder.
+Just copy the template below for each weekly meeting and fill in the details.
+
+## Administrative Info
+
+- Date: 2025-10-30
+- Attendees: Dejan, Lukas
+- Notetaker: Dejan
+
+## Progress Update (Before Meeting)
+
+Last 3 minutes of the meeting, summarize action items.
+
+- [x] Change the name on frontend from 7project
+- [x] Finalize the funcionality and everyting in the code part
+- [x] Try to finalize report with focus on reproducibility
+- [x] More high level explanation of the workflow in the report
+
+Summary of what has been accomplished since the last meeting in the following categories.
+
+### Coding
+
+
+### Documentation
+
+
+## Questions and Topics for Discussion (Before Meeting)
+
+
+## Discussion Notes (During Meeting)
+The tracker should not store the transactions in the database - security vulnerability.
+
+## Action Items for Next Week (During Meeting)
+
+Last 3 minutes of the meeting, summarize action items.
+
+- [ ] video
+- [ ] highlight the optional stuff in the report
+
+
+
+---

7project/report.md

@@ -14,7 +14,7 @@
 - 289229, Lukáš Trkan, lukastrkan
 - 289258, Dejan Ribarovski, derib2613, ribardej
 
-**Brief Description**: (něco spíš jako abstract, introuction, story behind)
+**Brief Description**:
 Our application is a finance tracker, so a person can easily track his cash flow
 through multiple bank accounts. Person can label transactions with custom categories
 and later filter by them.
@@ -34,9 +34,16 @@ flowchart LR
     client[Client/Frontend] <--> svc[Backend API]
     svc --> proc_queue
     svc <--> db[(Database)]
-    svc <--> cache[(Cache)]
 ```
 
+The workflow works in the following way:
+- Client connects to the frontend. After login, frontend automatically fetches the stored transactions from 
+the database via the backend API
+- When the client opts for fetching new transactions via the Bank API, the backend delegates the task 
+to a background worker service via the Message queue.
+- After successful load, these transactions are stored to the database and displayed to the client
+- There is also a Task planner, that executes periodic tasks, like fetching new transactions automatically from the Bank API
+
 ### Components
 
 - Frontend (frontend/): React + TypeScript app built with Vite. Talks to the backend via REST, handles login/registration, shows latest transactions, filtering, and allows adding transactions.
@@ -123,12 +130,13 @@ docker compose up --build
 # Set environment variables (or create .env file)
 # TODO: fix
 export SECRET=CHANGE_ME_SECRET
-export BACKEND_URL=http://127.0.0.1:8000
-export FRONTEND_URL=http://localhost:5173
-export DATABASE_URL=postgresql+asyncpg://user:password@127.0.0.1:5432/app
-export RABBITMQ_URL=amqp://guest:guest@127.0.0.1:5672/
-export REDIS_URL=redis://127.0.0.1:6379/0
-
+export FRONTEND_DOMAIN_SCHEME=http://localhost:5173
+export BANKID_CLIENT_ID=CHANGE_ME
+export BANKID_CLIENT_SECRET=CHANGE_ME
+export CSAS_CLIENT_ID=CHANGE_ME
+export CSAS_CLIENT_SECRET=CHANGE_ME
+export MOJEID_CLIENT_ID=CHANGE_ME
+export MOJEID_CLIENT_SECRET=CHANGE_ME
 # Apply DB migrations (Alembic)
 # From 7project
 bash upgrade_database.sh
@@ -164,7 +172,38 @@ npm run build
 ```
 
 ## Deployment Instructions
+### Setup Cluster
+Deployment should work on any Kubernetes cluster. However, we are using 4 TalosOS virtual machines (1 control plane, 3 workers) 
+running on top of Proxmox VE. 
 
+1) Create 4 VMs with TalosOS
+2) Install talosctl for your OS: https://docs.siderolabs.com/talos/v1.10/getting-started/talosctl
+3) Generate Talos config
+```bash
+# TODO: add commands
+```
+4) Edit the generated worker.yaml
+- add google container registry mirror
+- add modules from config generator 
+- add extramounts for persistent storage
+- add kernel modules
+
+5) Apply the config to the VMs
+```bash
+#TODO: add config apply commands
+```
+
+6) Verify the cluster is up
+```bash
+```
+
+7) Export kubeconfig
+```bash
+# TODO: add export command
+```
+
+
+### Install
 1) Install base services to cluster
 ```bash
 cd tofu
@@ -172,7 +211,7 @@ cd tofu
 cp terraform.tfvars.example terraform.tfvars
 # authenticate to your cluster/cloud as needed, then:
 tofu init
-tofu plan
+tofu apply -exclude modules.cloudflare
 tofu apply  
 ```
 
@@ -217,28 +256,28 @@ open http://localhost:5173
 ```
 
 ## Testing Instructions
+The tests are located in 7project/backend/tests directory
+If you want to test locally, you have to have the DB running locally as well (start the docker compose in /backend).
+```bash
+cd backend
+```
 
 ### Unit Tests
-
+There are only 3 basic unit tests, since our services logic is very simple
 ```bash
-# Commands to run unit tests
-# For example:
-# go test ./...
-# npm test
+pytest tests/test_unit_user_service.py
 ```
 
 ### Integration Tests
-
+There are 11 basic unit tests, testing the individual backend API logic
 ```bash
-# Commands to run integration tests
-# Any setup required for integration tests
+pytest tests/test_integration_app.py 
 ```
 
 ### End-to-End Tests
-
+There are 7 e2e tests testing more complex app logic
 ```bash
-# Commands to run e2e tests
-# How to set up test environment
+pytest tests/test_e2e.py
 ```
 
 ## Usage Examples
@@ -315,22 +354,22 @@ curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
 
 ---
 
-## Self-Assessment Table
+## Progress Table
 
 > Be honest and detailed in your assessments.
 > This information is used for individual grading.
 > Link to the specific commit on GitHub for each contribution.
 
 | Task/Component                                                        | Assigned To | Status        | Time Spent | Difficulty | Notes       |
-|-----------------------------------------------------------------------|-------------| ------------- |----------------|------------| ----------- |
+|-----------------------------------------------------------------------|-------------| ------------- |------------|------------| ----------- |
 | [Project Setup & Repository](https://github.com/dat515-2025/Group-8#) | Lukas       | ✅ Complete    | [X hours]  | Medium     | [Any notes] |
-| [Design Document](https://github.com/dat515-2025/Group-8/blob/main/6design/design.md)          | Both        | ✅ Complete    | 2 Hours        | Easy       | [Any notes] |
-| [Backend API Development](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/api)  | Dejan       | 🔄 In Progress    | 10 hours       | Medium     | [Any notes] |
+| [Design Document](https://github.com/dat515-2025/Group-8/blob/main/6design/design.md)          | Both        | ✅ Complete    | 4 Hours    | Easy       | [Any notes] |
+| [Backend API Development](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/api)  | Dejan       | ✅ Complete    | 12 hours   | Medium     | [Any notes] |
 | [Database Setup & Models](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/models)  | Lukas       | 🔄 In Progress    | [X hours]  | Medium     | [Any notes] |
-| [Frontend Development](https://github.com/dat515-2025/Group-8/tree/main/7project/frontend)     | Dejan       | 🔄 In Progress | 7 hours so far | Medium     | [Any notes] |
+| [Frontend Development](https://github.com/dat515-2025/Group-8/tree/main/7project/frontend)     | Dejan       | ✅ Complete | 17 hours   | Medium     | [Any notes] |
 | [Docker Configuration](https://github.com/dat515-2025/Group-8/blob/main/7project/compose.yml)     | Lukas       | ✅ Complete    | [X hours]  | Easy       | [Any notes] |
 | [Cloud Deployment](https://github.com/dat515-2025/Group-8/blob/main/7project/deployment/app-demo-deployment.yaml)         | Lukas       | ✅ Complete    | [X hours]  | Hard       | [Any notes] |
-| [Testing Implementation](https://github.com/dat515-2025/group-name)   | Dejan       | 🔄 In Progress     | [X hours]      | Medium     | [Any notes] |
+| [Testing Implementation](https://github.com/dat515-2025/group-name)   | Dejan       | ✅ Complete    | 16 hours   | Medium     | [Any notes] |
 | [Documentation](https://github.com/dat515-2025/group-name)            | Both        | 🔄 In Progress   | [X hours]  | Easy       | [Any notes] |
 | [Presentation Video](https://github.com/dat515-2025/group-name)       | Both        | ❌ Not Started     | [X hours]  | Medium     | [Any notes] |
 
@@ -354,14 +393,17 @@ curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
 ### Dejan
 
 | Date            | Activity             | Hours  | Description                                                   |
-|-----------------|----------------------|--------|----------------------------------------------------------------------------------|
+|-----------------|----------------------|--------|---------------------------------------------------------------|
 | 25.9.           | Design               | 2      | 6design                                                       |
-| 9.10 to 11.10.  | Backend APIs         | 10     | Implemented Backend APIs                                                         |
-| 13.10 to 15.10. | Frontend Development | 7      | Created user interface mockups                                                   |
-| Continually     | Documantation        | 5      | Documenting the dev process                                                      |
-| 21.10 to 23.10  | Tests, forntend      | 10     | Test basics, balance charts, and frontend improvement                            |
-| 28.10 to 30.10  | Tests, forntend      | 7      | Tests improvement with test database setup, UI fix and exchange rate integration |
-| **Total**       |                      | **41** |                                                                                  |
+| 9.10 to 11.10.  | Backend APIs         | 12     | Implemented Backend APIs                                      |
+| 13.10 to 15.10. | Frontend Development | 8      | Created user interface mockups                                |
+| Continually     | Documentation        | 6      | Documenting the dev process                                   |
+| 21.10 to 23.10  | Tests, frontend      | 10     | Test basics, balance charts, and frontend improvement         |
+| 28.10 to 30.10  | CI                   | 6      | Integrated tests with test database setup on github workflows |
+| 28.10 to 30.10  | Frontend             | 7      | UI improvements and exchange rate API integration             |
+| 4.11 to 6.11    | Tests                | 6      | Test fixes improvement, more integration and e2e              |
+| 4.11 to 6.11    | Frontend             | 6      | Fixes, Improved UI, added support for mobile devices          |
+| **Total**       |                      | **63** |                                                               |
 
 
 ### Group Total: [XXX.X] hours