feat(backend): implemented self delete for users

20 create a controller layer on backend side

6design/design.md

@@ -45,11 +45,11 @@ flowchart LR
     proc_cron[Task planner] --> proc_queue
     proc_queue_worker --> ext_bank[(Bank API)]
     proc_queue_worker --> db
-    client[Client/UI] --> api[API Gateway / Web Server]
-    api --> svc[Web API]
+    client[Client/UI] <--> api[API Gateway / Web Server]
+    api <--> svc[Web API]
     svc --> proc_queue
-    svc --> db[(Database)]
-    svc --> cache[(Cache)]
+    svc <--> db[(Database)]
+    svc <--> cache[(Cache)]
 ```
 
 - Components and responsibilities: What does each box do?

7project/backend/Dockerfile

@@ -5,4 +5,4 @@ COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 COPY . .
 EXPOSE 8000
-CMD alembic upgrade head && uvicorn app.app:app --host 0.0.0.0 --port 8000
+CMD alembic upgrade head && uvicorn app.app:fastApi --host 0.0.0.0 --port 8000

7project/backend/alembic.ini

@@ -11,7 +11,7 @@ script_location = %(here)s/alembic
 # Uncomment the line below if you want the files to be prepended with date and time
 # see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file
 # for all available tokens
-# file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
+file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
 
 # sys.path path, will be prepended to sys.path if present.
 # defaults to the current working directory.  for multiple paths, the path separator

7project/backend/alembic/versions/2025_10_09_1456-63e072f09836_add_categories.py

@@ -1,8 +1,8 @@
-"""Init migration
+"""add categories
 
-Revision ID: 81f275275556
+Revision ID: 63e072f09836
 Revises: 
-Create Date: 2025-09-24 17:39:25.346690
+Create Date: 2025-10-09 14:56:14.653249
 
 """
 from typing import Sequence, Union
@@ -13,7 +13,7 @@ import sqlalchemy as sa
 
 
 # revision identifiers, used by Alembic.
-revision: str = '81f275275556'
+revision: str = '63e072f09836'
 down_revision: Union[str, Sequence[str], None] = None
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
@@ -22,12 +22,6 @@ depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
     """Upgrade schema."""
     # ### commands auto generated by Alembic - please adjust! ###
-    op.create_table('transaction',
-    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
-    sa.Column('amount', sa.Float(), nullable=False),
-    sa.Column('description', sa.String(length=255), nullable=True),
-    sa.PrimaryKeyConstraint('id')
-    )
     op.create_table('user',
     sa.Column('first_name', sa.String(length=100), nullable=True),
     sa.Column('last_name', sa.String(length=100), nullable=True),
@@ -40,13 +34,38 @@ def upgrade() -> None:
     sa.PrimaryKeyConstraint('id')
     )
     op.create_index(op.f('ix_user_email'), 'user', ['email'], unique=True)
+    op.create_table('categories',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('name', sa.String(length=100), nullable=False),
+    sa.Column('description', sa.String(length=255), nullable=True),
+    sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('name')
+    )
+    op.create_table('transaction',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('amount', sa.Float(), nullable=False),
+    sa.Column('description', sa.String(length=255), nullable=True),
+    sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_table('category_transaction',
+    sa.Column('id_category', sa.Integer(), nullable=True),
+    sa.Column('id_transaction', sa.Integer(), nullable=True),
+    sa.ForeignKeyConstraint(['id_category'], ['categories.id'], ),
+    sa.ForeignKeyConstraint(['id_transaction'], ['transaction.id'], )
+    )
     # ### end Alembic commands ###
 
 
 def downgrade() -> None:
     """Downgrade schema."""
     # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('category_transaction')
+    op.drop_table('transaction')
+    op.drop_table('categories')
     op.drop_index(op.f('ix_user_email'), table_name='user')
     op.drop_table('user')
-    op.drop_table('transaction')
     # ### end Alembic commands ###

7project/backend/alembic/versions/2025_10_09_1514-390041bd839e_update_categories_unique.py

@@ -0,0 +1,34 @@
+"""update categories unique
+
+Revision ID: 390041bd839e
+Revises: 63e072f09836
+Create Date: 2025-10-09 15:14:31.557686
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '390041bd839e'
+down_revision: Union[str, Sequence[str], None] = '63e072f09836'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('name'), table_name='categories')
+    op.create_unique_constraint('uix_name_user_id', 'categories', ['name', 'user_id'])
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint('uix_name_user_id', 'categories', type_='unique')
+    op.create_index(op.f('name'), 'categories', ['name'], unique=True)
+    # ### end Alembic commands ###

7project/backend/alembic/versions/2025_10_10_1405-7af8f296d089_add_user_oauth.py

@@ -0,0 +1,48 @@
+"""add user oauth
+
+Revision ID: 7af8f296d089
+Revises: 390041bd839e
+Create Date: 2025-10-10 14:05:00.153376
+
+"""
+from typing import Sequence, Union
+
+import fastapi_users_db_sqlalchemy
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '7af8f296d089'
+down_revision: Union[str, Sequence[str], None] = '390041bd839e'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('oauth_account',
+    sa.Column('id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.Column('oauth_name', sa.String(length=100), nullable=False),
+    sa.Column('access_token', sa.String(length=1024), nullable=False),
+    sa.Column('expires_at', sa.Integer(), nullable=True),
+    sa.Column('refresh_token', sa.String(length=1024), nullable=True),
+    sa.Column('account_id', sa.String(length=320), nullable=False),
+    sa.Column('account_email', sa.String(length=320), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ondelete='cascade'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_oauth_account_account_id'), 'oauth_account', ['account_id'], unique=False)
+    op.create_index(op.f('ix_oauth_account_oauth_name'), 'oauth_account', ['oauth_name'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_oauth_account_oauth_name'), table_name='oauth_account')
+    op.drop_index(op.f('ix_oauth_account_account_id'), table_name='oauth_account')
+    op.drop_table('oauth_account')
+    # ### end Alembic commands ###

7project/backend/alembic/versions/2025_10_11_2107-5ab2e654c96e_change_token_lenght.py

@@ -0,0 +1,38 @@
+"""change token length
+
+Revision ID: 5ab2e654c96e
+Revises: 7af8f296d089
+Create Date: 2025-10-11 21:07:41.930470
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+# revision identifiers, used by Alembic.
+revision: str = '5ab2e654c96e'
+down_revision: Union[str, Sequence[str], None] = '7af8f296d089'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('oauth_account', 'access_token',
+               existing_type=mysql.VARCHAR(length=1024),
+               type_=sa.String(length=4096),
+               existing_nullable=False)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('oauth_account', 'access_token',
+               existing_type=sa.String(length=4096),
+               type_=mysql.VARCHAR(length=1024),
+               existing_nullable=False)
+    # ### end Alembic commands ###

7project/backend/app/api/auth.py

@@ -0,0 +1,49 @@
+from fastapi import APIRouter, Depends, status
+from fastapi_users import models
+from fastapi_users.manager import BaseUserManager
+
+from app.schemas.user import UserCreate, UserRead, UserUpdate
+from app.services.user_service import auth_backend, fastapi_users
+
+router = APIRouter()
+
+@router.delete(
+    "/users/me",
+    status_code=status.HTTP_204_NO_CONTENT,
+    tags=["users"],
+    summary="Delete current user",
+    response_description="The user has been successfully deleted.",
+)
+async def delete_me(
+    user: models.UserProtocol = Depends(fastapi_users.current_user(active=True)),
+    user_manager: BaseUserManager = Depends(fastapi_users.get_user_manager),
+):
+    """
+    Delete the currently authenticated user.
+    """
+    await user_manager.delete(user)
+
+# Keep existing paths as-is under /auth/* and /users/*
+router.include_router(
+    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
+)
+router.include_router(
+    fastapi_users.get_register_router(UserRead, UserCreate),
+    prefix="/auth",
+    tags=["auth"],
+)
+router.include_router(
+    fastapi_users.get_reset_password_router(),
+    prefix="/auth",
+    tags=["auth"],
+)
+router.include_router(
+    fastapi_users.get_verify_router(UserRead),
+    prefix="/auth",
+    tags=["auth"],
+)
+router.include_router(
+    fastapi_users.get_users_router(UserRead, UserUpdate),
+    prefix="/users",
+    tags=["users"],
+)

7project/backend/app/api/categories.py

@@ -0,0 +1,77 @@
+from typing import List
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy import select, delete
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.models.categories import Category
+from app.schemas.category import CategoryCreate, CategoryRead
+from app.services.db import get_async_session
+from app.services.user_service import current_active_user
+from app.models.user import User
+
+router = APIRouter(prefix="/categories", tags=["categories"])
+
+
+@router.post("/create", response_model=CategoryRead, status_code=status.HTTP_201_CREATED)
+async def create_category(
+    payload: CategoryCreate,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    # Enforce per-user unique name via query to provide 409 feedback
+    res = await session.execute(
+        select(Category).where(Category.user_id == user.id, Category.name == payload.name)
+    )
+    existing = res.scalar_one_or_none()
+    if existing:
+        raise HTTPException(status_code=409, detail="Category with this name already exists")
+
+    category = Category(name=payload.name, description=payload.description, user_id=user.id)
+    session.add(category)
+    await session.commit()
+    await session.refresh(category)
+    return category
+
+
+@router.get("/", response_model=List[CategoryRead])
+async def list_categories(
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(select(Category).where(Category.user_id == user.id))
+    return list(res.scalars())
+
+
+@router.get("/{category_id}", response_model=CategoryRead)
+async def get_category(
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    category = res.scalar_one_or_none()
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    return category
+
+
+@router.delete("/{category_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_category(
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Category.id).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    if res.scalar_one_or_none() is None:
+        raise HTTPException(status_code=404, detail="Category not found")
+
+    await session.execute(
+        delete(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    await session.commit()
+    return None

7project/backend/app/api/transactions.py

@@ -0,0 +1,219 @@
+from typing import List, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.models.transaction import Transaction
+from app.models.categories import Category
+from app.schemas.transaction import (
+    TransactionCreate,
+    TransactionRead,
+    TransactionUpdate,
+)
+from app.services.db import get_async_session
+from app.services.user_service import current_active_user
+from app.models.user import User
+
+router = APIRouter(prefix="/transactions", tags=["transactions"])
+
+
+def _to_read_model(tx: Transaction) -> TransactionRead:
+    return TransactionRead(
+        id=tx.id,
+        amount=tx.amount,
+        description=tx.description,
+        category_ids=[c.id for c in (tx.categories or [])],
+    )
+
+
+@router.post("/create", response_model=TransactionRead, status_code=status.HTTP_201_CREATED)
+async def create_transaction(
+    payload: TransactionCreate,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    tx = Transaction(amount=payload.amount, description=payload.description, user_id=user.id)
+
+    # Attach categories if provided (and owned by user)
+    if payload.category_ids:
+        res = await session.execute(
+            select(Category).where(
+                Category.user_id == user.id, Category.id.in_(payload.category_ids)
+            )
+        )
+        categories = list(res.scalars())
+        if len(categories) != len(set(payload.category_ids)):
+            raise HTTPException(
+                status_code=400,
+                detail="Duplicate category IDs provided or one or more categories not found"
+            )
+        tx.categories = categories
+
+    session.add(tx)
+    await session.commit()
+    await session.refresh(tx)
+    # Ensure categories are loaded
+    await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.get("/", response_model=List[TransactionRead])
+async def list_transactions(
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(Transaction.user_id == user.id).order_by(Transaction.id)
+    )
+    txs = list(res.scalars())
+    # Eagerly load categories for each transaction
+    for tx in txs:
+        await session.refresh(tx, attribute_names=["categories"])
+    return [_to_read_model(tx) for tx in txs]
+
+
+@router.get("/{transaction_id}", response_model=TransactionRead)
+async def get_transaction(
+    transaction_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.patch("/{transaction_id}/edit", response_model=TransactionRead)
+async def update_transaction(
+    transaction_id: int,
+    payload: TransactionUpdate,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    if payload.amount is not None:
+        tx.amount = payload.amount
+    if payload.description is not None:
+        tx.description = payload.description
+
+    if payload.category_ids is not None:
+        # Preload categories to avoid async lazy-load during assignment
+        await session.refresh(tx, attribute_names=["categories"])
+        if payload.category_ids:
+            # Check for duplicate category IDs in the payload
+            if len(payload.category_ids) != len(set(payload.category_ids)):
+                raise HTTPException(status_code=400, detail="Duplicate category IDs in payload")
+            res = await session.execute(
+                select(Category).where(
+                    Category.user_id == user.id, Category.id.in_(payload.category_ids)
+                )
+            )
+            categories = list(res.scalars())
+            if len(categories) != len(payload.category_ids):
+                raise HTTPException(status_code=400, detail="One or more categories not found")
+            tx.categories = categories
+        else:
+            tx.categories = []
+
+    await session.commit()
+    await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.delete("/{transaction_id}/delete", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_transaction(
+    transaction_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx = res.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    await session.delete(tx)
+    await session.commit()
+    return None
+
+
+@router.post("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
+async def assign_category(
+    transaction_id: int,
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    # Load transaction and category ensuring ownership
+    res_tx = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res_tx.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    res_cat = await session.execute(
+        select(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    cat: Optional[Category] = res_cat.scalar_one_or_none()
+    if not cat:
+        raise HTTPException(status_code=404, detail="Category not found")
+
+    await session.refresh(tx, attribute_names=["categories"])
+    if cat not in tx.categories:
+        tx.categories.append(cat)
+        await session.commit()
+        await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.delete("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
+async def unassign_category(
+    transaction_id: int,
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res_tx = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res_tx.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    res_cat = await session.execute(
+        select(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    cat: Optional[Category] = res_cat.scalar_one_or_none()
+    if not cat:
+        raise HTTPException(status_code=404, detail="Category not found")
+
+    await session.refresh(tx, attribute_names=["categories"])
+    if cat in tx.categories:
+        tx.categories.remove(cat)
+        await session.commit()
+        await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)

7project/backend/app/app.py

@@ -3,13 +3,16 @@ from fastapi.middleware.cors import CORSMiddleware
 
 from app.models.user import User
 
-from app.schemas.user import UserCreate, UserRead, UserUpdate
-from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users
+from app.services.user_service import current_active_verified_user
+from app.api.auth import router as auth_router
+from app.api.categories import router as categories_router
+from app.api.transactions import router as transactions_router
+from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider
 
-app = FastAPI()
+fastApi = FastAPI()
 
 # CORS for frontend dev server
-app.add_middleware(
+fastApi.add_middleware(
     CORSMiddleware,
     allow_origins=[
         "http://localhost:5173",
@@ -20,37 +23,39 @@ app.add_middleware(
     allow_headers=["*"],
 )
 
-app.include_router(
-    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
-)
-app.include_router(
-    fastapi_users.get_register_router(UserRead, UserCreate),
-    prefix="/auth",
+fastApi.include_router(auth_router)
+fastApi.include_router(categories_router)
+fastApi.include_router(transactions_router)
+
+fastApi.include_router(
+    fastapi_users.get_oauth_router(
+        get_oauth_provider("MojeID"),
+        auth_backend,
+        "SECRET",
+        associate_by_email=True,
+    ),
+    prefix="/auth/mojeid",
     tags=["auth"],
 )
-app.include_router(
-    fastapi_users.get_reset_password_router(),
-    prefix="/auth",
+
+fastApi.include_router(
+    fastapi_users.get_oauth_router(
+        get_oauth_provider("BankID"),
+        auth_backend,
+        "SECRET",
+        associate_by_email=True,
+    ),
+    prefix="/auth/bankid",
     tags=["auth"],
 )
-app.include_router(
-    fastapi_users.get_verify_router(UserRead),
-    prefix="/auth",
-    tags=["auth"],
-)
-app.include_router(
-    fastapi_users.get_users_router(UserRead, UserUpdate),
-    prefix="/users",
-    tags=["users"],
-)
 
 
 # Liveness/root endpoint
-@app.get("/", include_in_schema=False)
+@fastApi.get("/", include_in_schema=False)
 async def root():
     return {"status": "ok"}
 
 
-@app.get("/authenticated-route")
+@fastApi.get("/authenticated-route")
 async def authenticated_route(user: User = Depends(current_active_verified_user)):
     return {"message": f"Hello {user.email}!"}

7project/backend/app/core/db.py

@@ -17,6 +17,7 @@ if not DATABASE_URL:
 # Load all models to register them
 from app.models.user import User
 from app.models.transaction import Transaction
+from app.models.categories import Category
 
 ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost"
 connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}

7project/backend/app/models/categories.py

@@ -0,0 +1,25 @@
+from fastapi_users_db_sqlalchemy import GUID
+from sqlalchemy import Column, Integer, String, ForeignKey, Table, UniqueConstraint
+from sqlalchemy.orm import relationship
+
+from app.core.base import Base
+
+association_table = Table(
+    "category_transaction",
+    Base.metadata,
+    Column("id_category", Integer, ForeignKey("categories.id")),
+    Column("id_transaction", Integer, ForeignKey("transaction.id"))
+)
+
+
+class Category(Base):
+    __tablename__ = "categories"
+    __table_args__ = (
+        UniqueConstraint("name", "user_id", name="uix_name_user_id"),
+    )
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    name = Column(String(length=100), nullable=False)
+    description = Column(String(length=255), nullable=True)
+    user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
+    user = relationship("User", back_populates="categories")
+    transactions = relationship("Transaction", secondary=association_table, back_populates="categories")

7project/backend/app/models/transaction.py

@@ -1,9 +1,17 @@
-from sqlalchemy import Column, Integer, String, Float
+from fastapi_users_db_sqlalchemy import GUID
+from sqlalchemy import Column, Integer, String, Float, ForeignKey
+from sqlalchemy.orm import relationship
 from app.core.base import Base
+from app.models.categories import association_table
+
 
 class Transaction(Base):
     __tablename__ = "transaction"
     id = Column(Integer, primary_key=True, autoincrement=True)
     amount = Column(Float, nullable=False)
     description = Column(String(length=255), nullable=True)
+    user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
 
+    # Relationship
+    user = relationship("User", back_populates="transactions")
+    categories = relationship("Category", secondary=association_table, back_populates="transactions")

7project/backend/app/models/user.py

@@ -1,7 +1,19 @@
 from sqlalchemy import Column, String
-from fastapi_users.db import SQLAlchemyBaseUserTableUUID
+from sqlalchemy.orm import relationship, mapped_column, Mapped
+from fastapi_users.db import SQLAlchemyBaseUserTableUUID, SQLAlchemyBaseOAuthAccountTableUUID
 from app.core.base import Base
 
+
+class OAuthAccount(SQLAlchemyBaseOAuthAccountTableUUID, Base):
+    # BankID token is longer than default
+    access_token: Mapped[str] = mapped_column(String(length=4096), nullable=False)
+
+
 class User(SQLAlchemyBaseUserTableUUID, Base):
     first_name = Column(String(length=100), nullable=True)
     last_name = Column(String(length=100), nullable=True)
+    oauth_accounts = relationship("OAuthAccount", lazy="joined")
+
+    # Relationship
+    transactions = relationship("Transaction", back_populates="user")
+    categories = relationship("Category", back_populates="user")

7project/backend/app/oauth/bank_id.py

@@ -0,0 +1,50 @@
+import secrets
+from typing import Optional, Literal
+
+from httpx_oauth.oauth2 import T
+
+from app.oauth.custom_openid import CustomOpenID
+
+
+class BankID(CustomOpenID):
+    def __init__(self, client_id: str, client_secret: str):
+        super().__init__(
+            client_id,
+            client_secret,
+            "https://oidc.sandbox.bankid.cz/.well-known/openid-configuration",
+            "BankID",
+            base_scopes=["openid", "profile.email", "profile.name"],
+        )
+
+    async def get_user_info(self, token: str) -> dict:
+        info = await self.get_profile(token)
+
+        return {
+            "first_name": info.get("given_name"),
+            "last_name": info.get("family_name"),
+        }
+
+    async def get_authorization_url(
+            self,
+            redirect_uri: str,
+            state: Optional[str] = None,
+            scope: Optional[list[str]] = None,
+            code_challenge: Optional[str] = None,
+            code_challenge_method: Optional[Literal["plain", "S256"]] = None,
+            extras_params: Optional[T] = None,
+    ) -> str:
+        if extras_params is None:
+            extras_params = {}
+
+        # BankID requires random nonce parameter for security
+        # https://developer.bankid.cz/docs/security_sep
+        extras_params["nonce"] = secrets.token_urlsafe()
+
+        return await super().get_authorization_url(
+            redirect_uri,
+            state,
+            scope,
+            code_challenge,
+            code_challenge_method,
+            extras_params,
+        )

7project/backend/app/oauth/custom_openid.py

@@ -0,0 +1,6 @@
+from httpx_oauth.clients.openid import OpenID
+
+
+class CustomOpenID(OpenID):
+    async def get_user_info(self, token: str) -> dict:
+        raise NotImplementedError()

7project/backend/app/oauth/moje_id.py

@@ -0,0 +1,56 @@
+import json
+from typing import Optional, Literal, Any
+
+from httpx_oauth.oauth2 import T
+
+from app.oauth.custom_openid import CustomOpenID
+
+
+class MojeIDOAuth(CustomOpenID):
+    def __init__(self, client_id: str, client_secret: str):
+        super().__init__(
+            client_id,
+            client_secret,
+            "https://mojeid.regtest.nic.cz/.well-known/openid-configuration/",
+            "MojeID",
+            base_scopes=["openid", "email", "profile"],
+        )
+
+    async def get_user_info(self, token: str) -> Optional[Any]:
+        info = await self.get_profile(token)
+
+        return {
+            "first_name": info.get("given_name"),
+            "last_name": info.get("family_name"),
+        }
+
+    async def get_authorization_url(
+            self,
+            redirect_uri: str,
+            state: Optional[str] = None,
+            scope: Optional[list[str]] = None,
+            code_challenge: Optional[str] = None,
+            code_challenge_method: Optional[Literal["plain", "S256"]] = None,
+            extras_params: Optional[T] = None,
+    ) -> str:
+        required_fields = {
+            'id_token': {
+                'name': {'essential': True},
+                'given_name': {'essential': True},
+                'family_name': {'essential': True},
+                'email': {'essential': True},
+                'mojeid_valid': {'essential': True},
+            }}
+
+        if extras_params is None:
+            extras_params = {}
+        extras_params["claims"] = json.dumps(required_fields)
+
+        return await super().get_authorization_url(
+            redirect_uri,
+            state,
+            scope,
+            code_challenge,
+            code_challenge_method,
+            extras_params,
+        )

7project/backend/app/schemas/category.py

@@ -0,0 +1,16 @@
+from typing import Optional
+from pydantic import BaseModel, ConfigDict
+
+
+class CategoryBase(BaseModel):
+    name: str
+    description: Optional[str] = None
+
+
+class CategoryCreate(CategoryBase):
+    pass
+
+
+class CategoryRead(CategoryBase):
+    id: int
+    model_config = ConfigDict(from_attributes=True)

7project/backend/app/schemas/transaction.py

@@ -0,0 +1,21 @@
+from typing import List, Optional
+from pydantic import BaseModel, Field, ConfigDict
+
+
+class TransactionBase(BaseModel):
+    amount: float = Field(..., gt=-1e18, lt=1e18)
+    description: Optional[str] = None
+
+class TransactionCreate(TransactionBase):
+    category_ids: Optional[List[int]] = None
+
+class TransactionUpdate(BaseModel):
+    amount: Optional[float] = Field(None, gt=-1e18, lt=1e18)
+    description: Optional[str] = None
+    category_ids: Optional[List[int]] = None
+
+class TransactionRead(TransactionBase):
+    id: int
+    category_ids: List[int] = []
+
+    model_config = ConfigDict(from_attributes=True)

7project/backend/app/schemas/user.py

@@ -4,13 +4,13 @@ from fastapi_users import schemas
 
 class UserRead(schemas.BaseUser[uuid.UUID]):
     first_name: Optional[str] = None
-    surname: Optional[str] = None
+    last_name: Optional[str] = None
 
 class UserCreate(schemas.BaseUserCreate):
     first_name: Optional[str] = None
-    surname: Optional[str] = None
+    last_name: Optional[str] = None
 
 class UserUpdate(schemas.BaseUserUpdate):
     first_name: Optional[str] = None
-    surname: Optional[str] = None
+    last_name: Optional[str] = None
 

7project/backend/app/services/db.py

@@ -4,11 +4,13 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from fastapi_users.db import SQLAlchemyUserDatabase
 
 from ..core.db import async_session_maker
-from ..models.user import User
+from ..models.user import User, OAuthAccount
+
 
 async def get_async_session() -> AsyncGenerator[AsyncSession, None]:
     async with async_session_maker() as session:
         yield session
 
+
 async def get_user_db(session: AsyncSession = Depends(get_async_session)):
-    yield SQLAlchemyUserDatabase(session, User)
+    yield SQLAlchemyUserDatabase(session, User, OAuthAccount)

7project/backend/app/services/user_service.py

@@ -3,26 +3,66 @@ import uuid
 from typing import Optional
 
 from fastapi import Depends, Request
-from fastapi_users import BaseUserManager, FastAPIUsers, UUIDIDMixin
+from fastapi_users import BaseUserManager, FastAPIUsers, UUIDIDMixin, models
 from fastapi_users.authentication import (
     AuthenticationBackend,
     BearerTransport,
 )
 from fastapi_users.authentication.strategy.jwt import JWTStrategy
 from fastapi_users.db import SQLAlchemyUserDatabase
+from httpx_oauth.oauth2 import BaseOAuth2
 
 from app.models.user import User
+from app.oauth.bank_id import BankID
+from app.oauth.custom_openid import CustomOpenID
+from app.oauth.moje_id import MojeIDOAuth
 from app.services.db import get_user_db
 from app.core.queue import enqueue_email
 
 SECRET = os.getenv("SECRET", "CHANGE_ME_SECRET")
+
 FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:5173")
 BACKEND_URL = os.getenv("BACKEND_URL", "http://localhost:8000")
 
+providers = {
+    "MojeID": MojeIDOAuth(
+        os.getenv("MOJEID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
+        os.getenv("MOJEID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
+    ),
+    "BankID": BankID(
+        os.getenv("BANKID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
+        os.getenv("BANKID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
+    )
+}
+
+
+def get_oauth_provider(name: str) -> Optional[BaseOAuth2]:
+    if name not in providers:
+        return None
+    return providers[name]
+
+
 class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
     reset_password_token_secret = SECRET
     verification_token_secret = SECRET
 
+    async def oauth_callback(self: "BaseUserManager[models.UOAP, models.ID]", oauth_name: str, access_token: str,
+                             account_id: str, account_email: str, expires_at: Optional[int] = None,
+                             refresh_token: Optional[str] = None, request: Optional[Request] = None, *,
+                             associate_by_email: bool = False, is_verified_by_default: bool = False) -> models.UOAP:
+
+        user = await super().oauth_callback(oauth_name, access_token, account_id, account_email, expires_at,
+                                            refresh_token, request, associate_by_email=associate_by_email,
+                                            is_verified_by_default=is_verified_by_default)
+
+        # set additional user info from the OAuth provider
+        provider = get_oauth_provider(oauth_name)
+        if provider is not None and isinstance(provider, CustomOpenID):
+            update_dict = await provider.get_user_info(access_token)
+            await self.user_db.update(user, update_dict)
+
+        return user
+
     async def on_after_register(self, user: User, request: Optional[Request] = None):
         await self.request_verify(user, request)
 
@@ -52,14 +92,18 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
             print("[Email Fallback] Subject:", subject)
             print("[Email Fallback] Body:\n", body)
 
+
 async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)):
     yield UserManager(user_db)
 
+
 bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")
 
+
 def get_jwt_strategy() -> JWTStrategy:
     return JWTStrategy(secret=SECRET, lifetime_seconds=3600)
 
+
 auth_backend = AuthenticationBackend(
     name="jwt",
     transport=bearer_transport,
@@ -70,4 +114,3 @@ fastapi_users = FastAPIUsers[User, uuid.UUID](get_user_manager, [auth_backend])
 
 current_active_user = fastapi_users.current_user(active=True)
 current_active_verified_user = fastapi_users.current_user(active=True, verified=True)
-

7project/backend/requirements.txt

@@ -11,6 +11,7 @@ asyncmy==0.2.9
 bcrypt==4.3.0
 billiard==4.2.2
 celery==5.5.3
+certifi==2025.10.5
 cffi==2.0.0
 click==8.1.8
 click-didyoumean==0.3.1
@@ -25,7 +26,10 @@ fastapi-users==14.0.1
 fastapi-users-db-sqlalchemy==7.0.0
 greenlet==3.2.4
 h11==0.16.0
+httpcore==1.0.9
 httptools==0.6.4
+httpx==0.28.1
+httpx-oauth==0.16.1
 idna==3.10
 kombu==5.5.4
 makefun==1.16.0

7project/charts/myapp-chart/templates/app-deployment.yaml

@@ -25,7 +25,7 @@ spec:
             - containerPort: {{ .Values.app.port }}
           env:
             - name: MARIADB_HOST
-              value: {{ printf "%s.%s.svc.cluster.local" .Values.mariadb.mariaDbRef.name .Values.mariadb.mariaDbRef.namespace | quote }}
+              value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local"
             - name: MARIADB_PORT
               value: '3306'
             - name: MARIADB_DB

7project/checklist.md

@@ -0,0 +1,81 @@
+# Project Evaluation Checklist
+
+The group earn points by completing items from the categories below.
+You are not expected to complete all items.
+Focus on areas that align with your project goals and interests.
+
+The core deliverables are required.
+This means that you must get at least 2 points for each item in this category.
+
+| **Category**                     | **Item**                                | **Max Points** | **Points**       |
+| -------------------------------- | --------------------------------------- | -------------- | ---------------- |
+| **Core Deliverables (Required)** |                                         |                |                  |
+| Codebase & Organization          | Well-organized project structure        | 5              |                  |
+|                                  | Clean, readable code                    | 5              |                  |
+|                                  | Use planning tool (e.g., GitHub issues) | 5              |                  |
+|                                  | Proper version control usage            | 5              |                  |
+|                                  | Complete source code                    | 5              |                  |
+| Documentation                    | Comprehensive reproducibility report    | 10             |                  |
+|                                  | Updated design document                 | 5              |                  |
+|                                  | Clear build/deployment instructions     | 5              |                  |
+|                                  | Troubleshooting guide                   | 5              |                  |
+|                                  | Completed self-assessment table         | 5              |                  |
+|                                  | Hour sheets for all members             | 5              |                  |
+| Presentation Video               | Project demonstration                   | 5              |                  |
+|                                  | Code walk-through                       | 5              |                  |
+|                                  | Deployment showcase                     | 5              |                  |
+| **Technical Implementation**     |                                         |                |                  |
+| Application Functionality        | Basic functionality works               | 10             |                  |
+|                                  | Advanced features implemented           | 10             |                  |
+|                                  | Error handling & robustness             | 10             |                  |
+|                                  | User-friendly interface                 | 5              |                  |
+| Backend & Architecture           | Stateless web server                    | 5              |                  |
+|                                  | Stateful application                    | 10             |                  |
+|                                  | Database integration                    | 10             |                  |
+|                                  | API design                              | 5              |                  |
+|                                  | Microservices architecture              | 10             |                  |
+| Cloud Integration                | Basic cloud deployment                  | 10             |                  |
+|                                  | Cloud APIs usage                        | 10             |                  |
+|                                  | Serverless components                   | 10             |                  |
+|                                  | Advanced cloud services                 | 5              |                  |
+| **DevOps & Deployment**          |                                         |                |                  |
+| Containerization                 | Basic Dockerfile                        | 5              |                  |
+|                                  | Optimized Dockerfile                    | 5              |                  |
+|                                  | Docker Compose                          | 5              |                  |
+|                                  | Persistent storage                      | 5              |                  |
+| Deployment & Scaling             | Manual deployment                       | 5              |                  |
+|                                  | Automated deployment                    | 5              |                  |
+|                                  | Multiple replicas                       | 5              |                  |
+|                                  | Kubernetes deployment                   | 10             |                  |
+| **Quality Assurance**            |                                         |                |                  |
+| Testing                          | Unit tests                              | 5              |                  |
+|                                  | Integration tests                       | 5              |                  |
+|                                  | End-to-end tests                        | 5              |                  |
+|                                  | Performance testing                     | 5              |                  |
+| Monitoring & Operations          | Health checks                           | 5              |                  |
+|                                  | Logging                                 | 5              |                  |
+|                                  | Metrics/Monitoring                      | 5              |                  |
+| Security                         | HTTPS/TLS                               | 5              |                  |
+|                                  | Authentication                          | 5              |                  |
+|                                  | Authorization                           | 5              |                  |
+| **Innovation & Excellence**      |                                         |                |                  |
+| Advanced Features and            | AI/ML Integration                       | 10             |                  |
+| Technical Excellence             | Real-time features                      | 10             |                  |
+|                                  | Creative problem solving                | 10             |                  |
+|                                  | Performance optimization                | 5              |                  |
+|                                  | Exceptional user experience             | 5              |                  |
+| **Total**                        |                                         | **255**        | **[Your Total]** |
+
+## Grading Scale
+
+- **Minimum Required: 100 points**
+- **Maximum: 200+ points**
+
+| Grade | Points   |
+| ----- | -------- |
+| A     | 180-200+ |
+| B     | 160-179  |
+| C     | 140-159  |
+| D     | 120-139  |
+| E     | 100-119  |
+| F     | 0-99     |

7project/create_migration.sh

@@ -8,4 +8,8 @@ fi
 cd backend || { echo "Directory 'backend' does not exist"; exit 1; }
 alembic revision --autogenerate -m "$1"
 git add alembic/versions/*
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo -e "${YELLOW}Don't forget to check imports in the new migration file!${NC}"
 cd - || exit

7project/frontend/src/App.css

@@ -1,42 +1 @@
-#root {
-  max-width: 1280px;
-  margin: 0 auto;
-  padding: 2rem;
-  text-align: center;
-}
-
-.logo {
-  height: 6em;
-  padding: 1.5em;
-  will-change: filter;
-  transition: filter 300ms;
-}
-.logo:hover {
-  filter: drop-shadow(0 0 2em #646cffaa);
-}
-.logo.react:hover {
-  filter: drop-shadow(0 0 2em #61dafbaa);
-}
-
-@keyframes logo-spin {
-  from {
-    transform: rotate(0deg);
-  }
-  to {
-    transform: rotate(360deg);
-  }
-}
-
-@media (prefers-reduced-motion: no-preference) {
-  a:nth-of-type(2) .logo {
-    animation: logo-spin infinite 20s linear;
-  }
-}
-
-.card {
-  padding: 2em;
-}
-
-.read-the-docs {
-  color: #888;
-}
+/* App-level styles moved to ui.css for a cleaner layout. */

7project/frontend/src/App.tsx

@@ -1,39 +1,39 @@
-import { useState } from 'react'
-import reactLogo from './assets/react.svg'
-import viteLogo from '/vite.svg'
-import './App.css'
-import { BACKEND_URL } from './config'
+import { useEffect, useState } from 'react';
+import './App.css';
+import LoginRegisterPage from './pages/LoginRegisterPage';
+import Dashboard from './pages/Dashboard';
+import { logout } from './api';
 
 function App() {
-  const [count, setCount] = useState(0)
+  const [hasToken, setHasToken] = useState<boolean>(!!localStorage.getItem('token'));
+
+  useEffect(() => {
+    // Handle OAuth callback: /oauth-callback?access_token=...&token_type=...
+    if (window.location.pathname === '/oauth-callback') {
+      const params = new URLSearchParams(window.location.search);
+      const token = params.get('access_token');
+      if (token) {
+        localStorage.setItem('token', token);
+        setHasToken(true);
+      }
+      // Clean URL and redirect to home
+      window.history.replaceState({}, '', '/');
+    }
+
+    const onStorage = (e: StorageEvent) => {
+      if (e.key === 'token') setHasToken(!!e.newValue);
+    };
+    window.addEventListener('storage', onStorage);
+    return () => window.removeEventListener('storage', onStorage);
+  }, []);
+
+  if (!hasToken) {
+    return <LoginRegisterPage onLoggedIn={() => setHasToken(true)} />;
+  }
 
   return (
-    <>
-      <div>
-        <a href="https://vite.dev" target="_blank">
-          <img src={viteLogo} className="logo" alt="Vite logo" />
-        </a>
-        <a href="https://react.dev" target="_blank">
-          <img src={reactLogo} className="logo react" alt="React logo" />
-        </a>
-      </div>
-      <h1>Vite + React</h1>
-      <div className="card">
-        <button onClick={() => setCount((count) => count + 1)}>
-          count is {count}
-        </button>
-        <p>
-          Edit <code>src/App.tsx</code> and save to test HMR
-        </p>
-        <p style={{ fontSize: 12, color: '#888' }}>
-          Backend URL: <code>{BACKEND_URL || '(not configured)'}</code>
-        </p>
-      </div>
-      <p className="read-the-docs">
-        Click on the Vite and React logos to learn more
-      </p>
-    </>
-  )
+    <Dashboard onLogout={() => { logout(); setHasToken(false); }} />
+  );
 }
 
-export default App
+export default App;

7project/frontend/src/api.ts

@@ -0,0 +1,143 @@
+import { BACKEND_URL } from './config';
+
+export type LoginResponse = {
+  access_token: string;
+  token_type: string;
+};
+
+export type Category = {
+  id: number;
+  name: string;
+  description?: string | null;
+};
+
+export type Transaction = {
+  id: number;
+  amount: number;
+  description?: string | null;
+  category_ids: number[];
+};
+
+function getBaseUrl() {
+  const base = BACKEND_URL?.replace(/\/$/, '') || '';
+  return base || '';
+}
+
+function authHeaders() {
+  const token = localStorage.getItem('token');
+  return token ? { Authorization: `Bearer ${token}` } : {};
+}
+
+export async function login(email: string, password: string): Promise<void> {
+  const body = new URLSearchParams();
+  body.set('username', email);
+  body.set('password', password);
+
+  const res = await fetch(`${getBaseUrl()}/auth/jwt/login`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+    body: body.toString(),
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(text || 'Login failed');
+  }
+  const data: LoginResponse = await res.json();
+  localStorage.setItem('token', data.access_token);
+}
+
+export async function register(email: string, password: string, first_name?: string, last_name?: string): Promise<void> {
+  const res = await fetch(`${getBaseUrl()}/auth/register`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ email, password, first_name, last_name }),
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(text || 'Registration failed');
+  }
+}
+
+export async function getCategories(): Promise<Category[]> {
+  const res = await fetch(`${getBaseUrl()}/categories/`, {
+    headers: { 'Content-Type': 'application/json', ...authHeaders() },
+  });
+  if (!res.ok) throw new Error('Failed to load categories');
+  return res.json();
+}
+
+export type CreateTransactionInput = {
+  amount: number;
+  description?: string;
+  category_ids?: number[];
+};
+
+export async function createTransaction(input: CreateTransactionInput): Promise<Transaction> {
+  const res = await fetch(`${getBaseUrl()}/transactions/create`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', ...authHeaders() },
+    body: JSON.stringify(input),
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(text || 'Failed to create transaction');
+  }
+  return res.json();
+}
+
+export async function getTransactions(): Promise<Transaction[]> {
+    const res = await fetch(`${getBaseUrl()}/transactions/`, {
+    headers: { 'Content-Type': 'application/json', ...authHeaders() },
+  });
+  if (!res.ok) throw new Error('Failed to load transactions');
+  return res.json();
+}
+
+export type User = {
+  id: string;
+  email: string;
+  first_name?: string | null;
+  last_name?: string | null;
+  is_active: boolean;
+  is_superuser: boolean;
+  is_verified: boolean;
+};
+
+export async function getMe(): Promise<User> {
+  const res = await fetch(`${getBaseUrl()}/users/me`, {
+    headers: { 'Content-Type': 'application/json', ...authHeaders() },
+  });
+  if (!res.ok) throw new Error('Failed to load user');
+  return res.json();
+}
+
+export type UpdateMeInput = Partial<Pick<User, 'first_name' | 'last_name'>> & { password?: string };
+export async function updateMe(input: UpdateMeInput): Promise<User> {
+  const res = await fetch(`${getBaseUrl()}/users/me`, {
+    method: 'PATCH',
+    headers: { 'Content-Type': 'application/json', ...authHeaders() },
+    body: JSON.stringify(input),
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(text || 'Failed to update user');
+  }
+  return res.json();
+}
+
+export async function deleteMe(): Promise<void> {
+  const res = await fetch(`${getBaseUrl()}/users/me`, {
+    method: 'DELETE',
+    headers: { ...authHeaders() },
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(text || 'Failed to delete account');
+  }
+}
+
+export function logout() {
+  localStorage.removeItem('token');
+}

7project/frontend/src/main.tsx

@@ -1,7 +1,11 @@
 import { StrictMode } from 'react'
 import { createRoot } from 'react-dom/client'
 import './index.css'
+import './ui.css'
 import App from './App.tsx'
+import { applyAppearanceFromStorage } from './appearance'
+
+applyAppearanceFromStorage()
 
 createRoot(document.getElementById('root')!).render(
   <StrictMode>

7project/frontend/src/pages/Dashboard.tsx

@@ -0,0 +1,172 @@
+import { useEffect, useMemo, useState } from 'react';
+import { type Category, type Transaction, createTransaction, getCategories, getTransactions } from '../api';
+import AccountPage from './AccountPage';
+import AppearancePage from './AppearancePage';
+
+function formatAmount(n: number) {
+  return new Intl.NumberFormat(undefined, { minimumFractionDigits: 2, maximumFractionDigits: 2 }).format(n);
+}
+
+export default function Dashboard({ onLogout }: { onLogout: () => void }) {
+  const [current, setCurrent] = useState<'home' | 'account' | 'appearance'>('home');
+  const [transactions, setTransactions] = useState<Transaction[]>([]);
+  const [categories, setCategories] = useState<Category[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  // New transaction form state
+  const [amount, setAmount] = useState<string>('');
+  const [description, setDescription] = useState('');
+  const [selectedCategoryId, setSelectedCategoryId] = useState<number | ''>('');
+
+  // Filters
+  const [minAmount, setMinAmount] = useState<string>('');
+  const [maxAmount, setMaxAmount] = useState<string>('');
+  const [filterCategoryId, setFilterCategoryId] = useState<number | ''>('');
+  const [searchText, setSearchText] = useState('');
+
+  async function loadAll() {
+    setLoading(true);
+    setError(null);
+    try {
+      const [txs, cats] = await Promise.all([getTransactions(), getCategories()]);
+      setTransactions(txs);
+      setCategories(cats);
+    } catch (err: any) {
+      setError(err?.message || 'Failed to load data');
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  useEffect(() => { loadAll(); }, []);
+
+  const last10 = useMemo(() => {
+    const sorted = [...transactions].sort((a, b) => b.id - a.id);
+    return sorted.slice(0, 10);
+  }, [transactions]);
+
+  const filtered = useMemo(() => {
+    let arr = last10;
+    const min = minAmount !== '' ? Number(minAmount) : undefined;
+    const max = maxAmount !== '' ? Number(maxAmount) : undefined;
+    if (min !== undefined) arr = arr.filter(t => t.amount >= min);
+    if (max !== undefined) arr = arr.filter(t => t.amount <= max);
+    if (filterCategoryId !== '') arr = arr.filter(t => t.category_ids.includes(filterCategoryId as number));
+    if (searchText.trim()) arr = arr.filter(t => (t.description || '').toLowerCase().includes(searchText.toLowerCase()));
+    return arr;
+  }, [last10, minAmount, maxAmount, filterCategoryId, searchText]);
+
+  function categoryNameById(id: number) { return categories.find(c => c.id === id)?.name || `#${id}`; }
+
+  async function handleCreate(e: React.FormEvent) {
+    e.preventDefault();
+    if (!amount) return;
+    const payload = {
+      amount: Number(amount),
+      description: description || undefined,
+      category_ids: selectedCategoryId !== '' ? [Number(selectedCategoryId)] : undefined,
+    };
+    try {
+      const created = await createTransaction(payload);
+      setTransactions(prev => [created, ...prev]);
+      setAmount(''); setDescription(''); setSelectedCategoryId('');
+    } catch (err: any) {
+      alert(err?.message || 'Failed to create transaction');
+    }
+  }
+
+  return (
+    <div className="app-layout">
+      <aside className="sidebar">
+        <div className="logo">7Project</div>
+        <nav className="nav">
+          <button className={current === 'home' ? 'active' : ''} onClick={() => setCurrent('home')}>Home</button>
+          <button className={current === 'account' ? 'active' : ''} onClick={() => setCurrent('account')}>Account</button>
+          <button className={current === 'appearance' ? 'active' : ''} onClick={() => setCurrent('appearance')}>Appearance</button>
+        </nav>
+      </aside>
+      <div className="content">
+        <div className="topbar">
+          <h2 style={{ margin: 0 }}>{current === 'home' ? 'Dashboard' : current === 'account' ? 'Account' : 'Appearance'}</h2>
+          <div className="actions">
+            <span className="user muted">Signed in</span>
+            <button className="btn" onClick={onLogout}>Logout</button>
+          </div>
+        </div>
+        <main className="page space-y">
+          {current === 'home' && (
+            <>
+              <section className="card">
+                <h3>Add Transaction</h3>
+                <form onSubmit={handleCreate} className="form-row">
+                  <input className="input" type="number" step="0.01" placeholder="Amount" value={amount} onChange={(e) => setAmount(e.target.value)} required />
+                  <input className="input" type="text" placeholder="Description (optional)" value={description} onChange={(e) => setDescription(e.target.value)} />
+                  <select className="input" value={selectedCategoryId} onChange={(e) => setSelectedCategoryId(e.target.value ? Number(e.target.value) : '')}>
+                    <option value="">No category</option>
+                    {categories.map(c => (<option key={c.id} value={c.id}>{c.name}</option>))}
+                  </select>
+                  <button className="btn primary" type="submit">Add</button>
+                </form>
+              </section>
+
+              <section className="card">
+                <h3>Filters</h3>
+                <div className="form-row">
+                  <input className="input" type="number" step="0.01" placeholder="Min amount" value={minAmount} onChange={(e) => setMinAmount(e.target.value)} />
+                  <input className="input" type="number" step="0.01" placeholder="Max amount" value={maxAmount} onChange={(e) => setMaxAmount(e.target.value)} />
+                  <select className="input" value={filterCategoryId} onChange={(e) => setFilterCategoryId(e.target.value ? Number(e.target.value) : '')}>
+                    <option value="">All categories</option>
+                    {categories.map(c => (<option key={c.id} value={c.id}>{c.name}</option>))}
+                  </select>
+                  <input className="input" type="text" placeholder="Search in description" value={searchText} onChange={(e) => setSearchText(e.target.value)} />
+                </div>
+              </section>
+
+              <section className="card">
+                <h3>Latest Transactions (last 10)</h3>
+                {loading ? (
+                  <div>Loading…</div>
+                ) : error ? (
+                  <div style={{ color: 'crimson' }}>{error}</div>
+                ) : filtered.length === 0 ? (
+                  <div>No transactions</div>
+                ) : (
+                  <table className="table">
+                    <thead>
+                      <tr>
+                        <th>ID</th>
+                        <th style={{ textAlign: 'right' }}>Amount</th>
+                        <th>Description</th>
+                        <th>Categories</th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      {filtered.map(t => (
+                        <tr key={t.id}>
+                          <td>{t.id}</td>
+                          <td className="amount">{formatAmount(t.amount)}</td>
+                          <td>{t.description || ''}</td>
+                          <td>{t.category_ids.map(id => categoryNameById(id)).join(', ')}</td>
+                        </tr>
+                      ))}
+                    </tbody>
+                  </table>
+                )}
+              </section>
+            </>
+          )}
+
+          {current === 'account' && (
+            // lazy import avoided for simplicity
+            <AccountPage onDeleted={onLogout} />
+          )}
+
+          {current === 'appearance' && (
+            <AppearancePage />
+          )}
+        </main>
+      </div>
+    </div>
+  );
+}

7project/frontend/src/pages/LoginRegisterPage.tsx

@@ -0,0 +1,96 @@
+import { useState, useEffect } from 'react';
+import { login, register } from '../api';
+import { BACKEND_URL } from '../config';
+
+function oauthUrl(provider: 'mojeid' | 'bankid') {
+  const base = BACKEND_URL.replace(/\/$/, '');
+  const redirect = encodeURIComponent(window.location.origin + '/oauth-callback');
+  return `${base}/auth/${provider}/authorize?redirect_url=${redirect}`;
+}
+
+export default function LoginRegisterPage({ onLoggedIn }: { onLoggedIn: () => void }) {
+  const [mode, setMode] = useState<'login' | 'register'>('login');
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [firstName, setFirstName] = useState('');
+  const [lastName, setLastName] = useState('');
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  async function handleSubmit(e: React.FormEvent) {
+    e.preventDefault();
+    setLoading(true);
+    setError(null);
+    try {
+      if (mode === 'login') {
+        await login(email, password);
+        onLoggedIn();
+      } else {
+        await register(email, password, firstName || undefined, lastName || undefined);
+        // After register, prompt login automatically
+        await login(email, password);
+        onLoggedIn();
+      }
+    } catch (err: any) {
+      setError(err?.message || 'Operation failed');
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  // Add this useEffect hook
+  useEffect(() => {
+    // When the component mounts, add a class to the body
+    document.body.classList.add('auth-page');
+
+    // When the component unmounts, remove the class
+    return () => {
+      document.body.classList.remove('auth-page');
+    };
+  }, []); // The empty array ensures this runs only once
+
+  // The JSX no longer needs the wrapper div
+  return (
+    <div className="card" style={{ width: 420 }}>
+      <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', marginBottom: 12 }}>
+        <h2 style={{ margin: 0 }}>{mode === 'login' ? 'Welcome back' : 'Create your account'}</h2>
+        <div className="segmented">
+          <button className={mode === 'login' ? 'active' : ''} type="button" onClick={() => setMode('login')}>Login</button>
+          <button className={mode === 'register' ? 'active' : ''} type="button" onClick={() => setMode('register')}>Register</button>
+        </div>
+      </div>
+      <form onSubmit={handleSubmit} className="space-y">
+        <div>
+            <label className="muted">Email</label>
+            <input className="input" type="email" required value={email} onChange={(e) => setEmail(e.target.value)} />
+          </div>
+          <div>
+            <label className="muted">Password</label>
+            <input className="input" type="password" required value={password} onChange={(e) => setPassword(e.target.value)} />
+          </div>
+          {mode === 'register' && (
+            <div className="form-row">
+              <div>
+                <label className="muted">First name (optional)</label>
+                <input className="input" type="text" value={firstName} onChange={(e) => setFirstName(e.target.value)} />
+              </div>
+              <div>
+                <label className="muted">Last name (optional)</label>
+                <input className="input" type="text" value={lastName} onChange={(e) => setLastName(e.target.value)} />
+              </div>
+            </div>
+          )}
+          {error && <div style={{ color: 'crimson' }}>{error}</div>}
+          <div className="actions" style={{ justifyContent: 'space-between' }}>
+            <div className="muted">Or continue with</div>
+            <div className="actions">
+              <a className="btn" href={oauthUrl('mojeid')}>MojeID</a>
+              <a className="btn" href={oauthUrl('bankid')}>BankID</a>
+              <button className="btn primary" type="submit" disabled={loading}>{loading ? 'Please wait…' : (mode === 'login' ? 'Login' : 'Register')}</button>
+            </div>
+          </div>
+      </form>
+    </div>
+  );
+}
+

7project/meetings/meeting-9-10.md

@@ -0,0 +1,54 @@
+# Weekly Meeting Notes
+
+- Group 8 - Personal finance tracker
+- Mentor: Jaychander
+
+Keep all meeting notes in the `meetings.md` file in your project folder.
+Just copy the template below for each weekly meeting and fill in the details.
+
+## Administrative Info
+
+- Date: 2025-10-08
+- Attendees: Dejan Ribarovski, Lukas Trkan
+- Notetaker: Dejan Ribarovski
+
+## Progress Update (Before Meeting)
+
+Summary of what has been accomplished since the last meeting in the following categories.
+
+### Coding
+
+Lukas has implemented the template source directories, source files and config files necessary for deployment 
+- docker compose for database, redis cache and rabbit MQ
+- tofu
+- backend template
+- frontend template
+- charts templates
+
+### Documentation
+- Created GitHub issues for the next steps 
+- Added this document + checklist and report
+
+## Questions and Topics for Discussion (Before Meeting)
+
+Prepare 3-5 questions and topics you want to discuss with your mentor.
+
+1. Anything we should add structure-wise?
+2. Anything you would like us to prioritize until next week?
+
+## Discussion Notes (During Meeting)
+
+- start working on the report
+- start coding the actual code
+- write problems solved
+- redo the system diagram - see the response as well
+- create a meetings folder wih seperate meetings files
+## Action Items for Next Week (During Meeting)
+
+Last 3 minutes of the meeting, summarize action items.
+
+- [ ] start coding the app logic
+- [ ] start writing the report so it matches the actual progress
+- [ ] redo the system diagram so it includes a response flow
+
+---

7project/meetings/meeting-template.md

@@ -0,0 +1,41 @@
+# Weekly Meeting Notes
+
+- Group X - Project Title
+- Mentor: Mentor Name
+
+Keep all meeting notes in the `meetings.md` file in your project folder.
+Just copy the template below for each weekly meeting and fill in the details.
+
+## Administrative Info
+
+- Date: 2025-09-19
+- Attendees: Name1, Name2, Name3
+- Notetaker: Name1
+
+## Progress Update (Before Meeting)
+
+Summary of what has been accomplished since the last meeting in the following categories.
+
+### Coding
+
+### Documentation
+
+## Questions and Topics for Discussion (Before Meeting)
+
+Prepare 3-5 questions and topics you want to discuss with your mentor.
+
+1. Question 1
+2. Question 2
+3. Question 3
+
+## Discussion Notes (During Meeting)
+
+## Action Items for Next Week (During Meeting)
+
+Last 3 minutes of the meeting, summarize action items.
+
+- [ ] Action Item 1
+- [ ] Action Item 2
+- [ ] Action Item 3
+
+---

7project/report.md

@@ -0,0 +1,302 @@
+# Project Report
+
+> **Instructions**:
+> This template provides the structure for your project report.
+> Replace the placeholder text with your actual content.
+> Remove instructions that are not relevant for your project, but leave the headings along with a (NA) label.
+
+## Project Overview
+
+**Project Name**: [Your project name]
+
+**Group Members**:
+
+- Student number, Name, GitHub username
+- Student number, Name, GitHub username
+- Student number, Name, GitHub username
+
+**Brief Description**:
+[2-3 sentences describing what your application does and its main purpose]
+
+## Architecture Overview
+
+### High-Level Architecture
+
+[Describe the overall system architecture. Consider including a diagram using mermaid or linking to an image]
+
+```mermaid
+graph TD
+    A[Component A] --> B[Component B]
+    B --> C[Component C]
+```
+
+### Components
+
+- **Component 1**: [Description of what this component does]
+- **Component 2**: [Description of what this component does]
+- **Component 3**: [Description of what this component does]
+
+### Technologies Used
+
+- **Backend**: [e.g., Go, Node.js, Python]
+- **Database**: [e.g., PostgreSQL, MongoDB, Redis]
+- **Cloud Services**: [e.g., AWS EC2, Google Cloud Run, Azure Functions]
+- **Container Orchestration**: [e.g., Docker, Kubernetes]
+- **Other**: [List other significant technologies]
+
+## Prerequisites
+
+### System Requirements
+
+- Operating System: [e.g., Linux, macOS, Windows]
+- Minimum RAM: [e.g., 8GB]
+- Storage: [e.g., 10GB free space]
+
+### Required Software
+
+- [Software 1] (version X.X or higher)
+- [Software 2] (version X.X or higher)
+- [etc.]
+
+### Dependencies
+
+```bash
+# List key dependencies that need to be installed
+# For example:
+# Docker Engine 20.10+
+# Node.js 18+
+# Go 1.25+
+```
+
+## Build Instructions
+
+### 1. Clone the Repository
+
+```bash
+git clone [your-repository-url]
+cd [repository-name]
+```
+
+### 2. Install Dependencies
+
+```bash
+# Provide step-by-step commands
+# For example:
+# npm install
+# go mod download
+```
+
+### 3. Build the Application
+
+```bash
+# Provide exact build commands
+# For example:
+# make build
+# docker build -t myapp .
+```
+
+### 4. Configuration
+
+```bash
+# Any configuration steps needed
+# Environment variables to set
+# Configuration files to create
+```
+
+## Deployment Instructions
+
+### Local Deployment
+
+```bash
+# Step-by-step commands for local deployment
+# For example:
+# docker-compose up -d
+# kubectl apply -f manifests/
+```
+
+### Cloud Deployment
+
+```bash
+# Commands for cloud deployment
+# Include any cloud-specific setup
+```
+
+### Verification
+
+```bash
+# Commands to verify deployment worked
+# How to check if services are running
+# Example health check endpoints
+```
+
+## Testing Instructions
+
+### Unit Tests
+
+```bash
+# Commands to run unit tests
+# For example:
+# go test ./...
+# npm test
+```
+
+### Integration Tests
+
+```bash
+# Commands to run integration tests
+# Any setup required for integration tests
+```
+
+### End-to-End Tests
+
+```bash
+# Commands to run e2e tests
+# How to set up test environment
+```
+
+## Usage Examples
+
+### Basic Usage
+
+```bash
+# Examples of how to use the application
+# Common commands or API calls
+# Sample data or test scenarios
+```
+
+### Advanced Features
+
+```bash
+# Examples showcasing advanced functionality
+```
+
+---
+
+## Presentation Video
+
+**YouTube Link**: [Insert your YouTube link here]
+
+**Duration**: [X minutes Y seconds]
+
+**Video Includes**:
+
+- [ ] Project overview and architecture
+- [ ] Live demonstration of key features
+- [ ] Code walkthrough
+- [ ] Build and deployment showcase
+
+## Troubleshooting
+
+### Common Issues
+
+#### Issue 1: [Common problem]
+
+**Symptoms**: [What the user sees]
+**Solution**: [Step-by-step fix]
+
+#### Issue 2: [Another common problem]
+
+**Symptoms**: [What the user sees]
+**Solution**: [Step-by-step fix]
+
+### Debug Commands
+
+```bash
+# Useful commands for debugging
+# Log viewing commands
+# Service status checks
+```
+
+---
+
+## Self-Assessment Table
+
+> Be honest and detailed in your assessments.
+> This information is used for individual grading.
+> Link to the specific commit on GitHub for each contribution.
+
+| Task/Component                                                      | Assigned To | Status        | Time Spent | Difficulty | Notes       |
+| ------------------------------------------------------------------- | ----------- | ------------- | ---------- | ---------- | ----------- |
+| Project Setup & Repository                                          | [Name]      | ✅ Complete    | [X hours]  | Medium     | [Any notes] |
+| [Design Document](https://github.com/dat515-2025/group-name)         | [Name]      | ✅ Complete    | [X hours]  | Easy       | [Any notes] |
+| [Backend API Development](https://github.com/dat515-2025/group-name) | [Name]      | ✅ Complete    | [X hours]  | Hard       | [Any notes] |
+| [Database Setup & Models](https://github.com/dat515-2025/group-name) | [Name]      | ✅ Complete    | [X hours]  | Medium     | [Any notes] |
+| [Frontend Development](https://github.com/dat515-2025/group-name)    | [Name]      | 🔄 In Progress | [X hours]  | Medium     | [Any notes] |
+| [Docker Configuration](https://github.com/dat515-2025/group-name)    | [Name]      | ✅ Complete    | [X hours]  | Easy       | [Any notes] |
+| [Cloud Deployment](https://github.com/dat515-2025/group-name)        | [Name]      | ✅ Complete    | [X hours]  | Hard       | [Any notes] |
+| [Testing Implementation](https://github.com/dat515-2025/group-name)  | [Name]      | ⏳ Pending     | [X hours]  | Medium     | [Any notes] |
+| [Documentation](https://github.com/dat515-2025/group-name)           | [Name]      | ✅ Complete    | [X hours]  | Easy       | [Any notes] |
+| [Presentation Video](https://github.com/dat515-2025/group-name)      | [Name]      | ✅ Complete    | [X hours]  | Medium     | [Any notes] |
+
+**Legend**: ✅ Complete | 🔄 In Progress | ⏳ Pending | ❌ Not Started
+
+## Hour Sheet
+
+> Link to the specific commit on GitHub for each contribution.
+
+### [Team Member 1 Name]
+
+| Date      | Activity            | Hours      | Description                         |
+| --------- | ------------------- | ---------- | ----------------------------------- |
+| [Date]    | Initial Setup       | [X.X]      | Repository setup, project structure |
+| [Date]    | Backend Development | [X.X]      | Implemented user authentication     |
+| [Date]    | Testing             | [X.X]      | Unit tests for API endpoints        |
+| [Date]    | Documentation       | [X.X]      | Updated README and design doc       |
+| **Total** |                     | **[XX.X]** |                                     |
+
+### [Team Member 2 Name]
+
+| Date      | Activity             | Hours      | Description                               |
+| --------- | -------------------- | ---------- | ----------------------------------------- |
+| [Date]    | Frontend Development | [X.X]      | Created user interface mockups            |
+| [Date]    | Integration          | [X.X]      | Connected frontend to backend API         |
+| [Date]    | Deployment           | [X.X]      | Docker configuration and cloud deployment |
+| [Date]    | Testing              | [X.X]      | End-to-end testing                        |
+| **Total** |                      | **[XX.X]** |                                           |
+
+### [Team Member 3 Name] (if applicable)
+
+| Date      | Activity                 | Hours      | Description                      |
+| --------- | ------------------------ | ---------- | -------------------------------- |
+| [Date]    | Database Design          | [X.X]      | Schema design and implementation |
+| [Date]    | Cloud Configuration      | [X.X]      | AWS/GCP setup and configuration  |
+| [Date]    | Performance Optimization | [X.X]      | Caching and query optimization   |
+| [Date]    | Monitoring               | [X.X]      | Logging and monitoring setup     |
+| **Total** |                          | **[XX.X]** |                                  |
+
+### Group Total: [XXX.X] hours
+
+---
+
+## Final Reflection
+
+### What We Learned
+
+[Reflect on the key technical and collaboration skills learned during this project]
+
+### Challenges Faced
+
+[Describe the main challenges and how you overcame them]
+
+### If We Did This Again
+
+[What would you do differently? What worked well that you'd keep?]
+
+### Individual Growth
+
+#### [Team Member 1 Name]
+
+[Personal reflection on growth, challenges, and learning]
+
+#### [Team Member 2 Name]
+
+[Personal reflection on growth, challenges, and learning]
+
+#### [Team Member 3 Name] (if applicable)
+
+[Personal reflection on growth, challenges, and learning]
+
+---
+
+**Report Completion Date**: [Date]
+**Last Updated**: [Date]

7project/tofu/main.tf

@@ -96,6 +96,13 @@ module "database" {
 
   phpmyadmin_enabled = var.phpmyadmin_enabled
   cloudflare_domain  = var.cloudflare_domain
+
+  s3_enabled = var.s3_enabled
+  s3_bucket = var.s3_bucket
+  s3_region = var.s3_region
+  s3_endpoint = var.s3_endpoint
+  s3_key_id = var.s3_key_id
+  s3_key_secret = var.s3_key_secret
 }
 
 #module "argocd" {

7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml

@@ -1,4 +1,4 @@
 apiVersion: v2
 name: maxscale-helm
-version: 1.0.7
+version: 1.0.14
 description: Helm chart for MaxScale related Kubernetes manifests

7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.s3.enabled }}
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+  name: backup
+  namespace: mariadb-operator
+spec:
+  mariaDbRef:
+    name: mariadb-repl
+    namespace: mariadb-operator
+  schedule:
+    cron: "0 */3 * * *"
+    suspend: false
+  timeZone: "Europe/Prague"
+  maxRetention: 720h # 30 days
+  compression: bzip2
+  storage:
+    s3:
+      bucket: {{ .Values.s3.bucket | quote }}
+      endpoint: {{ .Values.s3.endpoint | quote }}
+      accessKeyIdSecretKeyRef:
+        name: s3-credentials
+        key: key_id
+      secretAccessKeySecretKeyRef:
+        name: s3-credentials
+        key: secret_key
+      region: {{ .Values.s3.region | quote }}
+      tls:
+        enabled: true
+  # Define a PVC to use as staging area for keeping the backups while they are being processed.
+  stagingStorage:
+    persistentVolumeClaim:
+      resources:
+        requests:
+          storage: 10Gi
+      accessModes:
+        - ReadWriteOnce
+  args:
+    - --single-transaction
+    - --all-databases
+  logLevel: info
+{{- end }}

7project/tofu/modules/maxscale/charts/maxscale-helm/templates/config.yaml

@@ -60,6 +60,8 @@ spec:
         scrapeTimeout: 10s
         prometheusRelease: kube-prometheus-stack
         jobLabel: mariadb-monitoring
+    auth:
+      generate: true
 
     tls:
       enabled: true

7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.s3.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-credentials
+  namespace: mariadb-operator
+type: Opaque
+stringData:
+  key_id: "{{ .Values.s3.key_id }}"
+  secret_key: "{{ .Values.s3.key_secret }}"
+{{- end }}

7project/tofu/modules/maxscale/charts/maxscale-helm/templates/phpmyadmin-deployment.yaml

@@ -28,7 +28,7 @@ spec:
         - name: DATABASE_ENABLE_SSL
           value: "yes"
         - name: DATABASE_HOST
-          value: "mariadb-repl"
+          value: "mariadb-repl-maxscale-internal"
         - name: DATABASE_PORT_NUMBER
           value: "3306"
         - name: PHPMYADMIN_ALLOW_NO_PASSWORD

7project/tofu/modules/maxscale/charts/maxscale-helm/values.yaml

@@ -14,4 +14,12 @@ metallb:
 phpmyadmin:
   enabled: true
 
+s3:
+  enabled: false
+  endpoint: ""
+  region: ""
+  bucket: ""
+  key_id: ""
+  key_secret: ""
+
 base_domain: example.com

7project/tofu/modules/maxscale/main.tf

@@ -9,16 +9,16 @@ terraform {
       version = "3.0.2"
     }
     kubernetes = {
-      source = "hashicorp/kubernetes"
+      source  = "hashicorp/kubernetes"
       version = "2.38.0"
     }
   }
 }
 
 resource "kubernetes_namespace" "mariadb-operator" {
-    metadata {
-      name = "mariadb-operator"
-    }
+  metadata {
+    name = "mariadb-operator"
+  }
 }
 
 locals {
@@ -30,46 +30,53 @@ locals {
 }
 
 resource "kubectl_manifest" "secrets" {
-   yaml_body  = local.mariadb_secret_yaml
-   depends_on = [ kubernetes_namespace.mariadb-operator ]
+  yaml_body  = local.mariadb_secret_yaml
+  depends_on = [kubernetes_namespace.mariadb-operator]
 }
 
 
 resource "helm_release" "mariadb-operator-crds" {
-    name             = "mariadb-operator-crds"
-    repository       = "https://helm.mariadb.com/mariadb-operator"
-    chart            = "mariadb-operator-crds"
-    namespace        = "mariadb-operator"
-    version          = "25.8.4"
-    depends_on       = [ kubectl_manifest.secrets ]
-    timeout          = 3600
+  name       = "mariadb-operator-crds"
+  repository = "https://helm.mariadb.com/mariadb-operator"
+  chart      = "mariadb-operator-crds"
+  namespace  = "mariadb-operator"
+  version    = "25.8.4"
+  depends_on = [kubectl_manifest.secrets]
+  timeout    = 3600
 }
 
 
 resource "helm_release" "mariadb-operator" {
-    name             = "mariadb-operator"
-    repository       = "https://helm.mariadb.com/mariadb-operator"
-    chart            = "mariadb-operator"
-    depends_on       = [ helm_release.mariadb-operator-crds, kubectl_manifest.secrets ]
-    namespace        = "mariadb-operator"
-    timeout          = 3600
+  name       = "mariadb-operator"
+  repository = "https://helm.mariadb.com/mariadb-operator"
+  chart      = "mariadb-operator"
+  depends_on = [helm_release.mariadb-operator-crds, kubectl_manifest.secrets]
+  namespace  = "mariadb-operator"
+  version    = "25.8.3"
+  timeout    = 3600
 }
 
 resource "helm_release" "maxscale_helm" {
   name       = "maxscale-helm"
   chart      = "${path.module}/charts/maxscale-helm"
-  version    = "1.0.7"
-  depends_on = [ helm_release.mariadb-operator-crds, kubectl_manifest.secrets ]
+  version    = "1.0.14"
+  depends_on = [helm_release.mariadb-operator-crds, kubectl_manifest.secrets]
   timeout    = 3600
 
   set = [
-    { name = "user.name",             value = var.mariadb_user_name },
-    { name = "user.host",             value = var.mariadb_user_host },
-    { name = "metallb.maxscale_ip",   value = var.maxscale_ip },
-    { name = "metallb.service_ip",    value = var.service_ip },
-    { name = "metallb.primary_ip",    value = var.primary_ip },
-    { name = "metallb.secondary_ip",  value = var.secondary_ip },
-    { name = "phpmyadmin.enabled",    value = tostring(var.phpmyadmin_enabled) },
-    { name = "base_domain", value = var.cloudflare_domain }
+    { name = "user.name", value = var.mariadb_user_name },
+    { name = "user.host", value = var.mariadb_user_host },
+    { name = "metallb.maxscale_ip", value = var.maxscale_ip },
+    { name = "metallb.service_ip", value = var.service_ip },
+    { name = "metallb.primary_ip", value = var.primary_ip },
+    { name = "metallb.secondary_ip", value = var.secondary_ip },
+    { name = "phpmyadmin.enabled", value = tostring(var.phpmyadmin_enabled) },
+    { name = "base_domain", value = var.cloudflare_domain },
+    { name = "s3.key_id", value = var.s3_key_id },
+    { name = "s3.key_secret", value = var.s3_key_secret },
+    { name = "s3.enabled", value = var.s3_enabled },
+    { name = "s3.endpoint", value = var.s3_endpoint },
+    { name = "s3.region", value = var.s3_region },
+    { name = "s3.bucket", value = var.s3_bucket },
   ]
 }

7project/tofu/modules/maxscale/variables.tf

@@ -52,7 +52,39 @@ variable "mariadb_user_password" {
 }
 
 variable "cloudflare_domain" {
-  type = string
-  default = "Base cloudflare domain, e.g. example.com"
+  type     = string
+  default  = "Base cloudflare domain, e.g. example.com"
   nullable = false
-}
+}
+
+variable "s3_key_id" {
+  description = "S3 Key ID for backups"
+  type        = string
+  sensitive   = true
+}
+
+variable "s3_key_secret" {
+  description = "S3 Key Secret for backups"
+  type        = string
+  sensitive   = true
+}
+
+variable "s3_enabled" {
+  description = "Enable S3 backups"
+  type        = bool
+}
+
+variable "s3_endpoint" {
+  description = "S3 endpoint for backups"
+  type        = string
+}
+
+variable "s3_region" {
+  description = "S3 region for backups"
+  type        = string
+}
+
+variable "s3_bucket" {
+  description = "S3 bucket name for backups"
+  type        = string
+}

7project/tofu/modules/metrics-server/values.yaml

@@ -0,0 +1,15 @@
+# Values overriding defaults for metrics-server Helm chart
+# Fix TLS and address selection issues when scraping kubelets (common on Talos)
+args:
+  - --kubelet-insecure-tls
+  - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
+  - --kubelet-use-node-status-port=true
+
+# Using hostNetwork often helps in restricted CNI/DNS environments
+#hostNetwork: true
+# Required when hostNetwork is true so DNS works as expected
+#dnsPolicy: ClusterFirstWithHostNet
+
+# Enable metrics API service monitor if Prometheus Operator is present (optional)
+# serviceMonitor:
+#   enabled: true

7project/tofu/modules/rabbitmq/main.tf

@@ -16,6 +16,12 @@ terraform {
   }
 }
 
+resource "kubernetes_namespace" "rabbitmq_namespace" {
+  metadata {
+    name = "rabbitmq-system"
+  }
+}
+
 
 resource "helm_release" "rabbitmq_operator" {
   name       = "rabbitmq-cluster-operator"
@@ -24,8 +30,7 @@ resource "helm_release" "rabbitmq_operator" {
 
   version = "4.4.34"
 
-  namespace        = "rabbitmq-system"
-  create_namespace = true
+  namespace = "rabbitmq-system"
 
   # Zde můžete přepsat výchozí hodnoty chartu, pokud by bylo potřeba
   # Například sledovat jen určité namespace, nastavit tolerations atd.
@@ -59,6 +64,7 @@ resource "helm_release" "rabbitmq_operator" {
       value = "true"
     }
   ]
+  depends_on = [kubernetes_namespace.rabbitmq_namespace]
 }
 
 

7project/tofu/modules/rabbitmq/rabbit-cluster.yaml

@@ -2,4 +2,4 @@ apiVersion: rabbitmq.com/v1beta1
 kind: RabbitmqCluster
 metadata:
   name: 'rabbitmq-cluster'
-  namespace: "rabbitmq"
+  namespace: "rabbitmq-system"

7project/tofu/modules/rabbitmq/rabbit-ui.yaml

@@ -2,7 +2,7 @@ apiVersion: networking.cfargotunnel.com/v1alpha1
 kind: TunnelBinding
 metadata:
   name: rabbit-tunnel-binding
-  namespace: rabbitmq
+  namespace: rabbitmq-system
 subjects:
   - name: rabbit-gui
     spec:

7project/tofu/variables.tf

@@ -108,3 +108,40 @@ variable "rabbitmq-password" {
   sensitive   = true
   description = "Admin password for RabbitMQ user"
 }
+
+variable "s3_key_id" {
+  description = "S3 Key ID for backups"
+  type        = string
+  sensitive   = true
+  nullable    = false
+}
+
+variable "s3_key_secret" {
+  description = "S3 Key Secret for backups"
+  type        = string
+  sensitive   = true
+  nullable    = false
+}
+
+variable "s3_enabled" {
+  description = "Enable S3 backups"
+  type        = bool
+}
+
+variable "s3_endpoint" {
+  description = "S3 endpoint for backups"
+  type        = string
+}
+
+variable "s3_region" {
+  description = "S3 region for backups"
+  type        = string
+}
+
+variable "s3_bucket" {
+  description = "S3 bucket name for backups"
+  type        = string
+}
+
+
+