lukas/uis-cloud-computing
1
0
Fork 0
mirror of https://github.com/dat515-2025/Group-8.git synced 2026-03-22 15:12:08 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: lukas:20-create-a-controller-layer-on-backend-side
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations
..
compare: lukas:3173f7749f0ef4dc29e06565d73dddf52bc18bb5
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations

1 Commits
20-create- ... 3173f7749f

Author SHA1 Message Date
Lukáš Trkan
3173f7749f Merge 615803de2d into b880670929 2025-09-24 20:15:32 +02:00
152 changed files with 677 additions and 3286 deletions
Expand all files Collapse all files

105
.github/workflows/build-image.yaml vendored
View File

@@ -1,105 +0,0 @@
name: Build and Push Image
on:
workflow_call:
inputs:
mode:
description: "Build mode: 'prod' or 'pr'"
required: true
type: string
image_repo:
description: "Docker image repository (e.g., user/app)"
required: false
default: "lukastrkan/cc-app-demo"
type: string
context:
description: "Docker build context path"
required: false
default: "7project/backend"
type: string
pr_number:
description: "PR number (required when mode=pr)"
required: false
type: string
secrets:
DOCKER_USER:
required: true
DOCKER_PASSWORD:
required: true
outputs:
digest:
description: "Built image digest"
value: ${{ jobs.build.outputs.digest }}
image_repo:
description: "Image repository used"
value: ${{ jobs.build.outputs.image_repo }}
jobs:
build:
runs-on: ubuntu-latest
outputs:
digest: ${{ steps.set.outputs.digest }}
image_repo: ${{ steps.set.outputs.image_repo }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Compute image repo and tags
id: meta
env:
MODE: ${{ inputs.mode }}
IMAGE_REPO: ${{ inputs.image_repo }}
PR: ${{ inputs.pr_number }}
run: |
set -euo pipefail
if [ -z "${IMAGE_REPO:-}" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
echo "IMAGE_REPO=$IMAGE_REPO" >> $GITHUB_ENV
SHA_SHORT="${GITHUB_SHA::12}"
case "$MODE" in
prod)
TAG1="prod-$SHA_SHORT"
TAG2="latest"
;;
pr)
if [ -z "${PR:-}" ]; then echo "pr_number input is required for mode=pr"; exit 1; fi
TAG1="pr-$PR"
TAG2="pr-$PR-$SHA_SHORT"
;;
*)
echo "Unknown mode '$MODE' (expected 'prod' or 'pr')"; exit 1;
;;
esac
echo "TAG1=$TAG1" >> $GITHUB_ENV
echo "TAG2=$TAG2" >> $GITHUB_ENV
- name: Build and push image
id: build
uses: docker/build-push-action@v5
with:
context: ${{ inputs.context }}
push: true
tags: |
${{ env.IMAGE_REPO }}:${{ env.TAG1 }}
${{ env.IMAGE_REPO }}:${{ env.TAG2 }}
platforms: linux/amd64
- name: Set outputs
id: set
env:
IMAGE_REPO: ${{ env.IMAGE_REPO }}
run: |
echo "digest=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT
echo "image_repo=$IMAGE_REPO" >> $GITHUB_OUTPUT

142
.github/workflows/deploy-pr.yaml vendored
View File

@@ -1,142 +0,0 @@
name: Deploy Preview (PR)
on:
pull_request:
types: [opened, reopened, synchronize, closed]
permissions:
contents: read
pull-requests: write
jobs:
build:
if: github.event.action != 'closed'
name: Build and push image (reusable)
uses: ./.github/workflows/build-image.yaml
with:
mode: pr
image_repo: lukastrkan/cc-app-demo
context: 7project/backend
pr_number: ${{ github.event.pull_request.number }}
secrets: inherit
frontend:
if: github.event.action != 'closed'
name: Frontend - Build and Deploy to Cloudflare Pages (PR)
uses: ./.github/workflows/frontend-pages.yml
with:
mode: pr
pr_number: ${{ github.event.pull_request.number }}
secrets: inherit
deploy:
if: github.event.action != 'closed'
name: Helm upgrade/install (PR preview)
runs-on: vhs
concurrency:
group: pr-${{ github.event.pull_request.number }}
cancel-in-progress: false
needs: [build, frontend]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Helm
uses: azure/setup-helm@v4
- name: Setup kubectl
uses: azure/setup-kubectl@v4
- name: Configure kubeconfig
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
run: |
mkdir -p ~/.kube
if [ -z "$KUBE_CONFIG" ]; then
echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
echo "$KUBE_CONFIG" > ~/.kube/config
chmod 600 ~/.kube/config
- name: Helm upgrade/install PR preview
env:
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
DIGEST: ${{ needs.build.outputs.digest }}
run: |
PR=${{ github.event.pull_request.number }}
if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi
if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi
if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi
if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi
RELEASE=myapp-pr-$PR
NAMESPACE=pr-$PR
DOMAIN=pr-$PR.$DEV_BASE_DOMAIN
if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \
-n "$NAMESPACE" --create-namespace \
-f 7project/charts/myapp-chart/values-dev.yaml \
--set prNumber="$PR" \
--set deployment="pr-$PR" \
--set domain="$DOMAIN" \
--set image.repository="$IMAGE_REPO" \
--set image.digest="$DIGEST" \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD"
- name: Post preview URLs as PR comment
uses: actions/github-script@v7
env:
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
FRONTEND_URL: ${{ needs.frontend.outputs.deployed_url }}
with:
script: |
const pr = context.payload.pull_request;
if (!pr) { core.setFailed('No pull_request context'); return; }
const prNumber = pr.number;
const domainBase = process.env.DEV_BASE_DOMAIN;
if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; }
const backendDomain = `pr-${prNumber}.${domainBase}`;
const backendUrl = `https://${backendDomain}`;
const frontendUrl = process.env.FRONTEND_URL || '(not available)';
const marker = '<!-- preview-link -->';
const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`;
const { owner, repo } = context.repo;
const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 });
const existing = comments.find(c => c.body && c.body.includes(marker));
if (existing) {
await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
} else {
await github.rest.issues.createComment({ owner, repo, issue_number: prNumber, body });
}
uninstall:
if: github.event.action == 'closed'
name: Helm uninstall (PR preview)
runs-on: vhs
steps:
- name: Setup Helm
uses: azure/setup-helm@v4
- name: Setup kubectl
uses: azure/setup-kubectl@v4
- name: Configure kubeconfig
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
run: |
mkdir -p ~/.kube
if [ -z "$KUBE_CONFIG" ]; then
echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
echo "$KUBE_CONFIG" > ~/.kube/config
chmod 600 ~/.kube/config
- name: Helm uninstall release and cleanup namespace
run: |
PR=${{ github.event.pull_request.number }}
RELEASE=myapp-pr-$PR
NAMESPACE=pr-$PR
helm uninstall "$RELEASE" -n "$NAMESPACE" || true
# Optionally delete the namespace if empty
kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true

87
.github/workflows/deploy-prod.yaml vendored
View File

@@ -1,87 +0,0 @@
name: Deploy Prod
on:
push:
branches: [ "main" ]
paths:
- 7project/backend/**
- 7project/frontend/**
- 7project/charts/myapp-chart/**
- .github/workflows/deploy-prod.yaml
- .github/workflows/build-image.yaml
- .github/workflows/frontend-pages.yml
workflow_dispatch:
permissions:
contents: read
concurrency:
group: deploy-prod
cancel-in-progress: false
jobs:
build:
name: Build and push image (reusable)
uses: ./.github/workflows/build-image.yaml
with:
mode: prod
image_repo: lukastrkan/cc-app-demo
context: 7project/backend
secrets: inherit
frontend:
name: Frontend - Build and Deploy to Cloudflare Pages (prod)
uses: ./.github/workflows/frontend-pages.yml
with:
mode: prod
secrets: inherit
deploy:
name: Helm upgrade/install (prod)
runs-on: vhs
needs: [build, frontend]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Helm
uses: azure/setup-helm@v4
- name: Setup kubectl
uses: azure/setup-kubectl@v4
- name: Configure kubeconfig
env:
KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
run: |
mkdir -p ~/.kube
if [ -z "$KUBE_CONFIG" ]; then
echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
echo "$KUBE_CONFIG" > ~/.kube/config
chmod 600 ~/.kube/config
- name: Helm upgrade/install prod
env:
DOMAIN: ${{ secrets.PROD_DOMAIN }}
RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
DIGEST: ${{ needs.build.outputs.digest }}
run: |
if [ -z "$DOMAIN" ]; then
echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi
if [ -z "$RABBITMQ_PASSWORD" ]; then
echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi
if [ -z "$DB_PASSWORD" ]; then
echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi
if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n prod --create-namespace \
-f 7project/charts/myapp-chart/values-prod.yaml \
--set deployment="prod" \
--set domain="$DOMAIN" \
--set image.repository="$IMAGE_REPO" \
--set image.digest="$DIGEST" \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD"

180
.github/workflows/frontend-pages.yml vendored
View File

@@ -1,180 +0,0 @@
name: Frontend - Build and Deploy to Cloudflare Pages
on:
workflow_call:
inputs:
mode:
description: "Build mode: 'prod' or 'pr'"
required: true
type: string
pr_number:
description: 'PR number (required when mode=pr)'
required: false
type: string
project_name:
description: 'Cloudflare Pages project name (overrides default)'
required: false
type: string
secrets:
CLOUDFLARE_API_TOKEN:
required: true
CLOUDFLARE_ACCOUNT_ID:
required: true
outputs:
deployed_url:
description: 'URL of deployed frontend'
value: ${{ jobs.deploy.outputs.deployed_url }}
# Required repository secrets:
# CLOUDFLARE_API_TOKEN - API token with Pages:Edit (or Account:Workers Scripts:Edit) permissions
# CLOUDFLARE_ACCOUNT_ID - Your Cloudflare account ID
# Optional repository variables:
# CF_PAGES_PROJECT_NAME - Default Cloudflare Pages project name
# PROD_DOMAIN - App domain for prod releases (e.g., api.example.com or https://api.example.com)
# BACKEND_URL_PR_TEMPLATE - Template for PR backend URL. Use {PR} placeholder for PR number (e.g., https://api-pr-{PR}.example.com)
jobs:
build:
name: Build frontend
runs-on: ubuntu-latest
defaults:
run:
working-directory: 7project/frontend
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
cache-dependency-path: 7project/frontend/package-lock.json
- name: Install dependencies
run: npm ci
- name: Compute backend URL for Vite
id: be
env:
EVENT_NAME: ${{ github.event_name }}
PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
PR_TEMPLATE: ${{ vars.BACKEND_URL_PR_TEMPLATE }}
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
PROD_DOMAIN_VAR: ${{ vars.PROD_DOMAIN }}
PROD_DOMAIN_SECRET: ${{ secrets.PROD_DOMAIN }}
BACKEND_URL_OVERRIDE: ${{ vars.BACKEND_URL || secrets.BACKEND_URL }}
MODE: ${{ inputs.mode }}
run: |
set -euo pipefail
URL=""
# 1) Explicit override wins (from repo var or secret)
if [ -n "${BACKEND_URL_OVERRIDE:-}" ]; then
if echo "$BACKEND_URL_OVERRIDE" | grep -Eiq '^https?://'; then
URL="$BACKEND_URL_OVERRIDE"
else
URL="https://${BACKEND_URL_OVERRIDE}"
fi
else
# 2) PR-specific URL when building for PR
if [ "${MODE:-}" = "pr" ] || [ "${EVENT_NAME}" = "pull_request" ]; then
if [ -n "${PR_TEMPLATE:-}" ] && [ -n "${PR_NUMBER:-}" ] ; then
URL="${PR_TEMPLATE//\{PR\}/${PR_NUMBER}}"
elif [ -n "${DEV_BASE_DOMAIN:-}" ] && [ -n "${PR_NUMBER:-}" ]; then
URL="https://pr-${PR_NUMBER}.${DEV_BASE_DOMAIN}"
fi
fi
# 3) Fallback to PROD_DOMAIN (prefer repo var, then secret)
if [ -z "$URL" ]; then
PROD_DOMAIN="${PROD_DOMAIN_VAR:-${PROD_DOMAIN_SECRET:-}}"
if [ -n "$PROD_DOMAIN" ]; then
if echo "$PROD_DOMAIN" | grep -Eiq '^https?://'; then
URL="$PROD_DOMAIN"
else
URL="https://${PROD_DOMAIN}"
fi
fi
fi
fi
echo "Using backend URL: ${URL:-<empty>}"
echo "VITE_BACKEND_URL=${URL}" >> $GITHUB_ENV
- name: Build
run: npm run build
- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
name: frontend-dist
path: 7project/frontend/dist
deploy:
name: Deploy to Cloudflare Pages
needs: build
runs-on: ubuntu-latest
outputs:
deployed_url: ${{ steps.out.outputs.deployed_url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download build artifact
uses: actions/download-artifact@v4
with:
name: frontend-dist
path: dist
- name: Determine project name and branch
id: pname
env:
INPUT_MODE: ${{ inputs.mode }}
INPUT_PR: ${{ inputs.pr_number }}
run: |
set -euo pipefail
# Prefer manual input, then repo variable, fallback to repo-name
INPUT_NAME='${{ inputs.project_name }}'
VAR_NAME='${{ vars.CF_PAGES_PROJECT_NAME }}'
if [ -n "$INPUT_NAME" ]; then PNAME_RAW="$INPUT_NAME";
elif [ -n "$VAR_NAME" ]; then PNAME_RAW="$VAR_NAME";
else PNAME_RAW="${GITHUB_REPOSITORY##*/}-frontend"; fi
# Normalize project name to lowercase to satisfy Cloudflare Pages naming
PNAME="${PNAME_RAW,,}"
# Determine branch for Pages
if [ "${INPUT_MODE}" = "pr" ]; then
if [ -z "${INPUT_PR}" ]; then echo "pr_number is required when mode=pr"; exit 1; fi
PBRANCH="pr-${INPUT_PR}"
else
PBRANCH="main"
fi
echo "project_name=$PNAME" >> $GITHUB_OUTPUT
echo "branch=$PBRANCH" >> $GITHUB_OUTPUT
- name: Ensure Cloudflare Pages project exists
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
PNAME: ${{ steps.pname.outputs.project_name }}
run: |
set -euo pipefail
npx wrangler pages project create "$PNAME" --production-branch=main || true
- name: Deploy using Cloudflare Wrangler
uses: cloudflare/wrangler-action@v3
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
command: pages deploy dist --project-name=${{ steps.pname.outputs.project_name }} --branch=${{ steps.pname.outputs.branch }}
- name: Compute deployed URL
id: out
env:
PNAME: ${{ steps.pname.outputs.project_name }}
PBRANCH: ${{ steps.pname.outputs.branch }}
run: |
set -euo pipefail
if [ "$PBRANCH" = "main" ]; then
URL="https://${PNAME}.pages.dev"
else
URL="https://${PBRANCH}.${PNAME}.pages.dev"
fi
echo "deployed_url=$URL" >> $GITHUB_OUTPUT

54
.github/workflows/workflow.yml vendored Normal file
View File

@@ -0,0 +1,54 @@
name: Build, Push and Update Image in Manifest
on:
push:
branches: [ "main" ]
paths:
- 'backend/**'
workflow_dispatch:
jobs:
build-and-update:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push Docker image
id: build
uses: docker/build-push-action@v5
with:
context: ./backend
push: true
tags: ${{ secrets.DOCKER_USER }}/cc-app-demo:latest
- name: Get image digest
run: echo "IMAGE_DIGEST=${{ steps.build.outputs.digest }}" >> $GITHUB_ENV
- name: Update manifests with new image digest
uses: OpsVerseIO/image-updater-action@0.1.0
with:
branch: main
targetBranch: main
createPR: 'false'
message: "${{ github.event.head_commit.message }}"
token: ${{ secrets.GITHUB_TOKEN }}
changes: |
{
"deployment/app-demo-deployment.yaml": {
"spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
},
"deployment/app-demo-worker-deployment.yaml": {
"spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
}
}

0
7project/.gitignore → .gitignore vendored
View File

34
7project/backend/alembic/versions/2025_10_09_1514-390041bd839e_update_categories_unique.py
View File

@@ -1,34 +0,0 @@
"""update categories unique
Revision ID: 390041bd839e
Revises: 63e072f09836
Create Date: 2025-10-09 15:14:31.557686
"""
from typing import Sequence, Union
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision: str = '390041bd839e'
down_revision: Union[str, Sequence[str], None] = '63e072f09836'
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None:
"""Upgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.drop_index(op.f('name'), table_name='categories')
op.create_unique_constraint('uix_name_user_id', 'categories', ['name', 'user_id'])
# ### end Alembic commands ###
def downgrade() -> None:
"""Downgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.drop_constraint('uix_name_user_id', 'categories', type_='unique')
op.create_index(op.f('name'), 'categories', ['name'], unique=True)
# ### end Alembic commands ###

48
7project/backend/alembic/versions/2025_10_10_1405-7af8f296d089_add_user_oauth.py
View File

@@ -1,48 +0,0 @@
"""add user oauth
Revision ID: 7af8f296d089
Revises: 390041bd839e
Create Date: 2025-10-10 14:05:00.153376
"""
from typing import Sequence, Union
import fastapi_users_db_sqlalchemy
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision: str = '7af8f296d089'
down_revision: Union[str, Sequence[str], None] = '390041bd839e'
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None:
"""Upgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.create_table('oauth_account',
sa.Column('id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
sa.Column('oauth_name', sa.String(length=100), nullable=False),
sa.Column('access_token', sa.String(length=1024), nullable=False),
sa.Column('expires_at', sa.Integer(), nullable=True),
sa.Column('refresh_token', sa.String(length=1024), nullable=True),
sa.Column('account_id', sa.String(length=320), nullable=False),
sa.Column('account_email', sa.String(length=320), nullable=False),
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ondelete='cascade'),
sa.PrimaryKeyConstraint('id')
)
op.create_index(op.f('ix_oauth_account_account_id'), 'oauth_account', ['account_id'], unique=False)
op.create_index(op.f('ix_oauth_account_oauth_name'), 'oauth_account', ['oauth_name'], unique=False)
# ### end Alembic commands ###
def downgrade() -> None:
"""Downgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.drop_index(op.f('ix_oauth_account_oauth_name'), table_name='oauth_account')
op.drop_index(op.f('ix_oauth_account_account_id'), table_name='oauth_account')
op.drop_table('oauth_account')
# ### end Alembic commands ###

38
7project/backend/alembic/versions/2025_10_11_2107-5ab2e654c96e_change_token_lenght.py
View File

@@ -1,38 +0,0 @@
"""change token length
Revision ID: 5ab2e654c96e
Revises: 7af8f296d089
Create Date: 2025-10-11 21:07:41.930470
"""
from typing import Sequence, Union
from alembic import op
import sqlalchemy as sa
from sqlalchemy.dialects import mysql
# revision identifiers, used by Alembic.
revision: str = '5ab2e654c96e'
down_revision: Union[str, Sequence[str], None] = '7af8f296d089'
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None:
"""Upgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column('oauth_account', 'access_token',
existing_type=mysql.VARCHAR(length=1024),
type_=sa.String(length=4096),
existing_nullable=False)
# ### end Alembic commands ###
def downgrade() -> None:
"""Downgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column('oauth_account', 'access_token',
existing_type=sa.String(length=4096),
type_=mysql.VARCHAR(length=1024),
existing_nullable=False)
# ### end Alembic commands ###

31
7project/backend/app/api/auth.py
View File

@@ -1,31 +0,0 @@
from fastapi import APIRouter
from app.schemas.user import UserCreate, UserRead, UserUpdate
from app.services.user_service import auth_backend, fastapi_users
router = APIRouter()
# Keep existing paths as-is under /auth/* and /users/*
router.include_router(
fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
)
router.include_router(
fastapi_users.get_register_router(UserRead, UserCreate),
prefix="/auth",
tags=["auth"],
)
router.include_router(
fastapi_users.get_reset_password_router(),
prefix="/auth",
tags=["auth"],
)
router.include_router(
fastapi_users.get_verify_router(UserRead),
prefix="/auth",
tags=["auth"],
)
router.include_router(
fastapi_users.get_users_router(UserRead, UserUpdate),
prefix="/users",
tags=["users"],
)

77
7project/backend/app/api/categories.py
View File

@@ -1,77 +0,0 @@
from typing import List
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy import select, delete
from sqlalchemy.ext.asyncio import AsyncSession
from app.models.categories import Category
from app.schemas.category import CategoryCreate, CategoryRead
from app.services.db import get_async_session
from app.services.user_service import current_active_user
from app.models.user import User
router = APIRouter(prefix="/categories", tags=["categories"])
@router.post("/create", response_model=CategoryRead, status_code=status.HTTP_201_CREATED)
async def create_category(
payload: CategoryCreate,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
# Enforce per-user unique name via query to provide 409 feedback
res = await session.execute(
select(Category).where(Category.user_id == user.id, Category.name == payload.name)
)
existing = res.scalar_one_or_none()
if existing:
raise HTTPException(status_code=409, detail="Category with this name already exists")
category = Category(name=payload.name, description=payload.description, user_id=user.id)
session.add(category)
await session.commit()
await session.refresh(category)
return category
@router.get("/", response_model=List[CategoryRead])
async def list_categories(
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res = await session.execute(select(Category).where(Category.user_id == user.id))
return list(res.scalars())
@router.get("/{category_id}", response_model=CategoryRead)
async def get_category(
category_id: int,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res = await session.execute(
select(Category).where(Category.id == category_id, Category.user_id == user.id)
)
category = res.scalar_one_or_none()
if not category:
raise HTTPException(status_code=404, detail="Category not found")
return category
@router.delete("/{category_id}", status_code=status.HTTP_204_NO_CONTENT)
async def delete_category(
category_id: int,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res = await session.execute(
select(Category.id).where(Category.id == category_id, Category.user_id == user.id)
)
if res.scalar_one_or_none() is None:
raise HTTPException(status_code=404, detail="Category not found")
await session.execute(
delete(Category).where(Category.id == category_id, Category.user_id == user.id)
)
await session.commit()
return None

219
7project/backend/app/api/transactions.py
View File

@@ -1,219 +0,0 @@
from typing import List, Optional
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession
from app.models.transaction import Transaction
from app.models.categories import Category
from app.schemas.transaction import (
TransactionCreate,
TransactionRead,
TransactionUpdate,
)
from app.services.db import get_async_session
from app.services.user_service import current_active_user
from app.models.user import User
router = APIRouter(prefix="/transactions", tags=["transactions"])
def _to_read_model(tx: Transaction) -> TransactionRead:
return TransactionRead(
id=tx.id,
amount=tx.amount,
description=tx.description,
category_ids=[c.id for c in (tx.categories or [])],
)
@router.post("/create", response_model=TransactionRead, status_code=status.HTTP_201_CREATED)
async def create_transaction(
payload: TransactionCreate,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
tx = Transaction(amount=payload.amount, description=payload.description, user_id=user.id)
# Attach categories if provided (and owned by user)
if payload.category_ids:
res = await session.execute(
select(Category).where(
Category.user_id == user.id, Category.id.in_(payload.category_ids)
)
)
categories = list(res.scalars())
if len(categories) != len(set(payload.category_ids)):
raise HTTPException(
status_code=400,
detail="Duplicate category IDs provided or one or more categories not found"
)
tx.categories = categories
session.add(tx)
await session.commit()
await session.refresh(tx)
# Ensure categories are loaded
await session.refresh(tx, attribute_names=["categories"])
return _to_read_model(tx)
@router.get("/", response_model=List[TransactionRead])
async def list_transactions(
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res = await session.execute(
select(Transaction).where(Transaction.user_id == user.id).order_by(Transaction.id)
)
txs = list(res.scalars())
# Eagerly load categories for each transaction
for tx in txs:
await session.refresh(tx, attribute_names=["categories"])
return [_to_read_model(tx) for tx in txs]
@router.get("/{transaction_id}", response_model=TransactionRead)
async def get_transaction(
transaction_id: int,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res = await session.execute(
select(Transaction).where(
Transaction.id == transaction_id, Transaction.user_id == user.id
)
)
tx: Optional[Transaction] = res.scalar_one_or_none()
if not tx:
raise HTTPException(status_code=404, detail="Transaction not found")
await session.refresh(tx, attribute_names=["categories"])
return _to_read_model(tx)
@router.patch("/{transaction_id}/edit", response_model=TransactionRead)
async def update_transaction(
transaction_id: int,
payload: TransactionUpdate,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res = await session.execute(
select(Transaction).where(
Transaction.id == transaction_id, Transaction.user_id == user.id
)
)
tx: Optional[Transaction] = res.scalar_one_or_none()
if not tx:
raise HTTPException(status_code=404, detail="Transaction not found")
if payload.amount is not None:
tx.amount = payload.amount
if payload.description is not None:
tx.description = payload.description
if payload.category_ids is not None:
# Preload categories to avoid async lazy-load during assignment
await session.refresh(tx, attribute_names=["categories"])
if payload.category_ids:
# Check for duplicate category IDs in the payload
if len(payload.category_ids) != len(set(payload.category_ids)):
raise HTTPException(status_code=400, detail="Duplicate category IDs in payload")
res = await session.execute(
select(Category).where(
Category.user_id == user.id, Category.id.in_(payload.category_ids)
)
)
categories = list(res.scalars())
if len(categories) != len(payload.category_ids):
raise HTTPException(status_code=400, detail="One or more categories not found")
tx.categories = categories
else:
tx.categories = []
await session.commit()
await session.refresh(tx, attribute_names=["categories"])
return _to_read_model(tx)
@router.delete("/{transaction_id}/delete", status_code=status.HTTP_204_NO_CONTENT)
async def delete_transaction(
transaction_id: int,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res = await session.execute(
select(Transaction).where(
Transaction.id == transaction_id, Transaction.user_id == user.id
)
)
tx = res.scalar_one_or_none()
if not tx:
raise HTTPException(status_code=404, detail="Transaction not found")
await session.delete(tx)
await session.commit()
return None
@router.post("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
async def assign_category(
transaction_id: int,
category_id: int,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
# Load transaction and category ensuring ownership
res_tx = await session.execute(
select(Transaction).where(
Transaction.id == transaction_id, Transaction.user_id == user.id
)
)
tx: Optional[Transaction] = res_tx.scalar_one_or_none()
if not tx:
raise HTTPException(status_code=404, detail="Transaction not found")
res_cat = await session.execute(
select(Category).where(Category.id == category_id, Category.user_id == user.id)
)
cat: Optional[Category] = res_cat.scalar_one_or_none()
if not cat:
raise HTTPException(status_code=404, detail="Category not found")
await session.refresh(tx, attribute_names=["categories"])
if cat not in tx.categories:
tx.categories.append(cat)
await session.commit()
await session.refresh(tx, attribute_names=["categories"])
return _to_read_model(tx)
@router.delete("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
async def unassign_category(
transaction_id: int,
category_id: int,
session: AsyncSession = Depends(get_async_session),
user: User = Depends(current_active_user),
):
res_tx = await session.execute(
select(Transaction).where(
Transaction.id == transaction_id, Transaction.user_id == user.id
)
)
tx: Optional[Transaction] = res_tx.scalar_one_or_none()
if not tx:
raise HTTPException(status_code=404, detail="Transaction not found")
res_cat = await session.execute(
select(Category).where(Category.id == category_id, Category.user_id == user.id)
)
cat: Optional[Category] = res_cat.scalar_one_or_none()
if not cat:
raise HTTPException(status_code=404, detail="Category not found")
await session.refresh(tx, attribute_names=["categories"])
if cat in tx.categories:
tx.categories.remove(cat)
await session.commit()
await session.refresh(tx, attribute_names=["categories"])
return _to_read_model(tx)

61
7project/backend/app/app.py
View File

@@ -1,61 +0,0 @@
from fastapi import Depends, FastAPI
from fastapi.middleware.cors import CORSMiddleware
from app.models.user import User
from app.services.user_service import current_active_verified_user
from app.api.auth import router as auth_router
from app.api.categories import router as categories_router
from app.api.transactions import router as transactions_router
from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider
fastApi = FastAPI()
# CORS for frontend dev server
fastApi.add_middleware(
CORSMiddleware,
allow_origins=[
"http://localhost:5173",
"http://127.0.0.1:5173",
],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
fastApi.include_router(auth_router)
fastApi.include_router(categories_router)
fastApi.include_router(transactions_router)
fastApi.include_router(
fastapi_users.get_oauth_router(
get_oauth_provider("MojeID"),
auth_backend,
"SECRET",
associate_by_email=True,
),
prefix="/auth/mojeid",
tags=["auth"],
)
fastApi.include_router(
fastapi_users.get_oauth_router(
get_oauth_provider("BankID"),
auth_backend,
"SECRET",
associate_by_email=True,
),
prefix="/auth/bankid",
tags=["auth"],
)
# Liveness/root endpoint
@fastApi.get("/", include_in_schema=False)
async def root():
return {"status": "ok"}
@fastApi.get("/authenticated-route")
async def authenticated_route(user: User = Depends(current_active_verified_user)):
return {"message": f"Hello {user.email}!"}

50
7project/backend/app/celery_app.py
View File

@@ -1,50 +0,0 @@
import os
from celery import Celery
if os.getenv("RABBITMQ_URL"):
RABBITMQ_URL = os.getenv("RABBITMQ_URL") # type: ignore
else:
from urllib.parse import quote
username = os.getenv("RABBITMQ_USERNAME", "user")
password = os.getenv("RABBITMQ_PASSWORD", "bitnami123")
host = os.getenv("RABBITMQ_HOST", "localhost")
port = os.getenv("RABBITMQ_PORT", "5672")
vhost = os.getenv("RABBITMQ_VHOST", "/")
use_ssl = os.getenv("RABBITMQ_USE_SSL", "0").lower() in {"1", "true", "yes"}
scheme = "amqps" if use_ssl else "amqp"
# Kombu uses '//' to denote the default '/' vhost. For custom vhosts, URL-encode them.
if vhost in ("/", ""):
vhost_path = "/" # will become '//' after concatenation below
else:
vhost_path = f"/{quote(vhost, safe='')}"
# Ensure we end up with e.g. amqp://user:pass@host:5672// (for '/')
RABBITMQ_URL = f"{scheme}://{username}:{password}@{host}:{port}{vhost_path}"
if vhost in ("/", "") and not RABBITMQ_URL.endswith("//"):
RABBITMQ_URL += "/"
DEFAULT_QUEUE = os.getenv("MAIL_QUEUE", "mail_queue")
CELERY_BACKEND = os.getenv("CELERY_BACKEND", "rpc://")
celery_app = Celery(
"app",
broker=RABBITMQ_URL,
# backend=CELERY_BACKEND,
)
celery_app.autodiscover_tasks(["app.workers"], related_name="celery_tasks") # discover app.workers.celery_tasks
celery_app.set_default()
celery_app.conf.update(
task_default_queue=DEFAULT_QUEUE,
task_acks_late=True,
worker_prefetch_multiplier=int(os.getenv("CELERY_PREFETCH", "1")),
task_serializer="json",
result_serializer="json",
accept_content=["json"],
)
__all__ = ["celery_app"]

6
7project/backend/app/core/queue.py
View File

@@ -1,6 +0,0 @@
import app.celery_app # noqa: F401
from app.workers.celery_tasks import send_email
def enqueue_email(to: str, subject: str, body: str) -> None:
send_email.delay(to, subject, body)

25
7project/backend/app/models/categories.py
View File

@@ -1,25 +0,0 @@
from fastapi_users_db_sqlalchemy import GUID
from sqlalchemy import Column, Integer, String, ForeignKey, Table, UniqueConstraint
from sqlalchemy.orm import relationship
from app.core.base import Base
association_table = Table(
"category_transaction",
Base.metadata,
Column("id_category", Integer, ForeignKey("categories.id")),
Column("id_transaction", Integer, ForeignKey("transaction.id"))
)
class Category(Base):
__tablename__ = "categories"
__table_args__ = (
UniqueConstraint("name", "user_id", name="uix_name_user_id"),
)
id = Column(Integer, primary_key=True, autoincrement=True)
name = Column(String(length=100), nullable=False)
description = Column(String(length=255), nullable=True)
user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
user = relationship("User", back_populates="categories")
transactions = relationship("Transaction", secondary=association_table, back_populates="categories")

17
7project/backend/app/models/transaction.py
View File

@@ -1,17 +0,0 @@
from fastapi_users_db_sqlalchemy import GUID
from sqlalchemy import Column, Integer, String, Float, ForeignKey
from sqlalchemy.orm import relationship
from app.core.base import Base
from app.models.categories import association_table
class Transaction(Base):
__tablename__ = "transaction"
id = Column(Integer, primary_key=True, autoincrement=True)
amount = Column(Float, nullable=False)
description = Column(String(length=255), nullable=True)
user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
# Relationship
user = relationship("User", back_populates="transactions")
categories = relationship("Category", secondary=association_table, back_populates="transactions")

19
7project/backend/app/models/user.py
View File

@@ -1,19 +0,0 @@
from sqlalchemy import Column, String
from sqlalchemy.orm import relationship, mapped_column, Mapped
from fastapi_users.db import SQLAlchemyBaseUserTableUUID, SQLAlchemyBaseOAuthAccountTableUUID
from app.core.base import Base
class OAuthAccount(SQLAlchemyBaseOAuthAccountTableUUID, Base):
# BankID token is longer than default
access_token: Mapped[str] = mapped_column(String(length=4096), nullable=False)
class User(SQLAlchemyBaseUserTableUUID, Base):
first_name = Column(String(length=100), nullable=True)
last_name = Column(String(length=100), nullable=True)
oauth_accounts = relationship("OAuthAccount", lazy="joined")
# Relationship
transactions = relationship("Transaction", back_populates="user")
categories = relationship("Category", back_populates="user")

50
7project/backend/app/oauth/bank_id.py
View File

@@ -1,50 +0,0 @@
import secrets
from typing import Optional, Literal
from httpx_oauth.oauth2 import T
from app.oauth.custom_openid import CustomOpenID
class BankID(CustomOpenID):
def __init__(self, client_id: str, client_secret: str):
super().__init__(
client_id,
client_secret,
"https://oidc.sandbox.bankid.cz/.well-known/openid-configuration",
"BankID",
base_scopes=["openid", "profile.email", "profile.name"],
)
async def get_user_info(self, token: str) -> dict:
info = await self.get_profile(token)
return {
"first_name": info.get("given_name"),
"last_name": info.get("family_name"),
}
async def get_authorization_url(
self,
redirect_uri: str,
state: Optional[str] = None,
scope: Optional[list[str]] = None,
code_challenge: Optional[str] = None,
code_challenge_method: Optional[Literal["plain", "S256"]] = None,
extras_params: Optional[T] = None,
) -> str:
if extras_params is None:
extras_params = {}
# BankID requires random nonce parameter for security
# https://developer.bankid.cz/docs/security_sep
extras_params["nonce"] = secrets.token_urlsafe()
return await super().get_authorization_url(
redirect_uri,
state,
scope,
code_challenge,
code_challenge_method,
extras_params,
)

6
7project/backend/app/oauth/custom_openid.py
View File

@@ -1,6 +0,0 @@
from httpx_oauth.clients.openid import OpenID
class CustomOpenID(OpenID):
async def get_user_info(self, token: str) -> dict:
raise NotImplementedError()

56
7project/backend/app/oauth/moje_id.py
View File

@@ -1,56 +0,0 @@
import json
from typing import Optional, Literal, Any
from httpx_oauth.oauth2 import T
from app.oauth.custom_openid import CustomOpenID
class MojeIDOAuth(CustomOpenID):
def __init__(self, client_id: str, client_secret: str):
super().__init__(
client_id,
client_secret,
"https://mojeid.regtest.nic.cz/.well-known/openid-configuration/",
"MojeID",
base_scopes=["openid", "email", "profile"],
)
async def get_user_info(self, token: str) -> Optional[Any]:
info = await self.get_profile(token)
return {
"first_name": info.get("given_name"),
"last_name": info.get("family_name"),
}
async def get_authorization_url(
self,
redirect_uri: str,
state: Optional[str] = None,
scope: Optional[list[str]] = None,
code_challenge: Optional[str] = None,
code_challenge_method: Optional[Literal["plain", "S256"]] = None,
extras_params: Optional[T] = None,
) -> str:
required_fields = {
'id_token': {
'name': {'essential': True},
'given_name': {'essential': True},
'family_name': {'essential': True},
'email': {'essential': True},
'mojeid_valid': {'essential': True},
}}
if extras_params is None:
extras_params = {}
extras_params["claims"] = json.dumps(required_fields)
return await super().get_authorization_url(
redirect_uri,
state,
scope,
code_challenge,
code_challenge_method,
extras_params,
)

16
7project/backend/app/schemas/category.py
View File

@@ -1,16 +0,0 @@
from typing import Optional
from pydantic import BaseModel, ConfigDict
class CategoryBase(BaseModel):
name: str
description: Optional[str] = None
class CategoryCreate(CategoryBase):
pass
class CategoryRead(CategoryBase):
id: int
model_config = ConfigDict(from_attributes=True)

21
7project/backend/app/schemas/transaction.py
View File

@@ -1,21 +0,0 @@
from typing import List, Optional
from pydantic import BaseModel, Field, ConfigDict
class TransactionBase(BaseModel):
amount: float = Field(..., gt=-1e18, lt=1e18)
description: Optional[str] = None
class TransactionCreate(TransactionBase):
category_ids: Optional[List[int]] = None
class TransactionUpdate(BaseModel):
amount: Optional[float] = Field(None, gt=-1e18, lt=1e18)
description: Optional[str] = None
category_ids: Optional[List[int]] = None
class TransactionRead(TransactionBase):
id: int
category_ids: List[int] = []
model_config = ConfigDict(from_attributes=True)

19
7project/backend/app/workers/celery_tasks.py
View File

@@ -1,19 +0,0 @@
import logging
from celery import shared_task
logger = logging.getLogger("celery_tasks")
if not logger.handlers:
_h = logging.StreamHandler()
logger.addHandler(_h)
logger.setLevel(logging.INFO)
@shared_task(name="workers.send_email")
def send_email(to: str, subject: str, body: str) -> None:
if not (to and subject and body):
logger.error("Email task missing fields. to=%r subject=%r body_len=%r", to, subject, len(body) if body else 0)
return
# Placeholder for real email sending logic
logger.info("[Celery] Email sent | to=%s | subject=%s | body_len=%d", to, subject, len(body))

6
7project/charts/myapp-chart/Chart.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v2
name: myapp-chart
version: 0.1.0
description: Helm chart for my app with MariaDB Database CR
appVersion: "1.0.0"
type: application

54
7project/charts/myapp-chart/templates/NOTES.txt
View File

@@ -1,54 +0,0 @@
Thank you for installing myapp-chart.
This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access.
Namespaces per developer (important):
- Install each developer's environment into their own namespace using Helm's -n/--namespace flag.
- No hardcoded namespace is used in templates; resources are created in .Release.Namespace.
- Example namespaces: dev-alice, dev-bob, pr-123, etc.
Key values:
- deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER)
- image.repository/tag or image.digest -> container image
- domain -> public FQDN used by TunnelBinding (required to expose app)
- app/worker names, replicas, ports
Examples:
- Dev install (Alice):
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n dev-alice --create-namespace \
-f values-dev.yaml \
--set domain=alice.demo.example.com \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD"
- Dev install (Bob):
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n dev-bob --create-namespace \
-f values-dev.yaml \
--set domain=bob.demo.example.com
- Prod install (different cleanupPolicy):
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n prod --create-namespace \
-f values-prod.yaml \
--set domain=app.example.com
- PR (preview) install with DB name containing PR number (also its own namespace):
PR=123
helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \
-n pr-$PR --create-namespace \
-f values-dev.yaml \
--set prNumber=$PR \
--set deployment=preview-$PR \
--set domain=pr-$PR.example.com
- Use a custom deployment identifier to suffix DB name, DB username and Secret name:
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n dev-alice --create-namespace \
-f values-dev.yaml \
--set deployment=alice \
--set domain=alice.demo.example.com
Render locally (dry run):
helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30

68
7project/charts/myapp-chart/templates/app-deployment.yaml
View File

@@ -1,68 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.app.name }}
spec:
replicas: {{ .Values.app.replicas }}
revisionHistoryLimit: 3
selector:
matchLabels:
app: {{ .Values.app.name }}
template:
metadata:
labels:
app: {{ .Values.app.name }}
spec:
containers:
- name: {{ .Values.app.name }}
image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
ports:
- containerPort: {{ .Values.app.port }}
env:
- name: MARIADB_HOST
value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local"
- name: MARIADB_PORT
value: '3306'
- name: MARIADB_DB
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
- name: MARIADB_USER
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
key: password
- name: RABBITMQ_USERNAME
value: {{ .Values.rabbitmq.username | quote }}
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
key: password
- name: RABBITMQ_HOST
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
- name: RABBITMQ_PORT
value: {{ .Values.rabbitmq.port | quote }}
- name: RABBITMQ_VHOST
value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
- name: MAIL_QUEUE
value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
livenessProbe:
httpGet:
path: /
port: {{ .Values.app.port }}
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /
port: {{ .Values.app.port }}
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 3

18
7project/charts/myapp-chart/templates/database-grant.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
name: grant
spec:
mariaDbRef:
name: {{ .Values.mariadb.mariaDbRef.name }}
namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
privileges:
- "ALL PRIVILEGES"
database: {{ required "Set .Values.deployment" .Values.deployment | quote }}
table: "*"
username: {{ required "Set .Values.deployment" .Values.deployment | quote }}
grantOption: true
host: "%"
cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
retryInterval: {{ .Values.mariadb.retryInterval | quote }}

7
7project/charts/myapp-chart/templates/database-secret.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
type: kubernetes.io/basic-auth
stringData:
password: {{ required "Set .Values.database.password" .Values.database.password | quote }}

16
7project/charts/myapp-chart/templates/database-user.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: User
metadata:
name: {{ required "Set .Values.deployment" .Values.deployment }}
spec:
mariaDbRef:
name: {{ .Values.mariadb.mariaDbRef.name }}
namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
passwordSecretKeyRef:
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
key: password
maxUserConnections: 20
host: "%"
cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
retryInterval: {{ .Values.mariadb.retryInterval | quote }}

14
7project/charts/myapp-chart/templates/database.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: k8s.mariadb.com/v1alpha1
kind: Database
metadata:
name: {{ required "Set .Values.deployment" .Values.deployment }}
spec:
mariaDbRef:
name: {{ .Values.mariadb.mariaDbRef.name | required "Values mariadb.mariaDbRef.name is required" }}
namespace: {{ .Values.mariadb.mariaDbRef.namespace | default .Release.Namespace }}
characterSet: utf8
collate: utf8_general_ci
cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
retryInterval: {{ .Values.mariadb.retryInterval | quote }}

10
7project/charts/myapp-chart/templates/rabbitmq-cluster.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: "rabbitmq-cluster"
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.rabbitmq.replicas | default 1 }}
persistence:
storage: {{ .Values.rabbitmq.storage | default "1Gi" }}
resources: {}

15
7project/charts/myapp-chart/templates/rabbitmq-permission.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: rabbitmq.com/v1beta1
kind: Permission
metadata:
name: {{ printf "%s-permission" (.Values.rabbitmq.username | default "demo-app") }}
namespace: {{ .Release.Namespace }}
spec:
rabbitmqClusterReference:
name: rabbitmq-cluster
namespace: {{ .Release.Namespace }}
vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
user: {{ .Values.rabbitmq.username | default "demo-app" }}
permissions:
configure: ".*"
read: ".*"
write: ".*"

12
7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: rabbitmq.com/v1beta1
kind: Queue
metadata:
name: {{ .Values.worker.mailQueueName | replace "_" "-" | lower }}
namespace: {{ .Release.Namespace }}
spec:
rabbitmqClusterReference:
name: rabbitmq-cluster
namespace: {{ .Release.Namespace }}
name: {{ .Values.worker.mailQueueName }}
vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
durable: true

10
7project/charts/myapp-chart/templates/rabbitmq-user-secret.yaml
View File

@@ -1,10 +0,0 @@
{{- if .Values.rabbitmq.password }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
namespace: {{ .Release.Namespace }}
stringData:
password: {{ .Values.rabbitmq.password | quote }}
username: {{ .Values.rabbitmq.username | quote }}
{{- end }}

13
7project/charts/myapp-chart/templates/rabbitmq-user.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: rabbitmq.com/v1beta1
kind: User
metadata:
name: {{ .Values.rabbitmq.username | default "demo-app" }}
namespace: {{ .Release.Namespace }}
spec:
rabbitmqClusterReference:
name: rabbitmq-cluster
namespace: {{ .Release.Namespace }}
tags:
- management
importCredentialsSecret:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}

10
7project/charts/myapp-chart/templates/service.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.app.name }}
spec:
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.app.port }}
selector:
app: {{ .Values.app.name }}

14
7project/charts/myapp-chart/templates/tunnel.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: networking.cfargotunnel.com/v1alpha1
kind: TunnelBinding
metadata:
name: guestbook-tunnel-binding
namespace: {{ .Release.Namespace }}
subjects:
- name: app-server
spec:
target: {{ printf "http://%s.%s.svc.cluster.local" .Values.app.name .Release.Namespace | quote }}
fqdn: {{ required "Set .Values.domain via --set domain=example.com" .Values.domain | quote }}
noTlsVerify: true
tunnelRef:
kind: ClusterTunnel
name: cluster-tunnel

48
7project/charts/myapp-chart/templates/worker-deployment.yaml
View File

@@ -1,48 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ printf "%s-worker" .Values.app.name }}
spec:
replicas: {{ .Values.worker.replicas }}
revisionHistoryLimit: 3
selector:
matchLabels:
app: {{ printf "%s-worker" .Values.app.name }}
template:
metadata:
labels:
app: {{ printf "%s-worker" .Values.app.name }}
spec:
containers:
- name: {{ printf "%s-worker" .Values.app.name }}
image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
command:
- celery
- -A
- app.celery_app
- worker
- -Q
- $(MAIL_QUEUE)
- --loglevel
- INFO
env:
- name: RABBITMQ_USERNAME
value: {{ .Values.rabbitmq.username | quote }}
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
key: password
- name: RABBITMQ_HOST
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
- name: RABBITMQ_PORT
value: {{ .Values.rabbitmq.port | quote }}
- name: RABBITMQ_VHOST
value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
- name: MAIL_QUEUE
value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}

5
7project/charts/myapp-chart/values-dev.yaml
View File

@@ -1,5 +0,0 @@
env: dev
mariadb:
cleanupPolicy: Delete

7
7project/charts/myapp-chart/values-prod.yaml
View File

@@ -1,7 +0,0 @@
env: prod
app:
replicas: 3
worker:
replicas: 3

60
7project/charts/myapp-chart/values.yaml
View File

@@ -1,60 +0,0 @@
# Base values shared across environments
env: dev
# Optional PR number used to suffix DB name, set via --set prNumber=123 in CI
prNumber: ""
# Optional deployment identifier used to suffix resource names (db, user, secret)
# Example: --set deployment=alice or --set deployment=feature123
deployment: ""
# Public domain to expose the app under (used by TunnelBinding fqdn)
# Set at install time: --set domain=example.com
domain: ""
image:
repository: lukastrkan/cc-app-demo
# You can use a tag or digest. If digest is provided, it takes precedence.
digest: ""
pullPolicy: IfNotPresent
app:
name: "finance-tracker"
replicas: 1
port: 8000
worker:
name: app-demo-worker
replicas: 1
# Queue name for Celery worker and for CRD Queue
mailQueueName: "mail_queue"
service:
port: 80
rabbitmq:
create: true
replicas: 1
storage: 5Gi
# Optional: override the generated cluster name; default is "<app.name>-rabbit[-<deployment>]"
clusterName: ""
port: "5672"
username: demo-app
password: ""
vhost: "/"
mariadb:
name: app-demo-database
cleanupPolicy: Skip
requeueInterval: 10h
retryInterval: 30s
mariaDbRef:
name: mariadb-repl
namespace: mariadb-operator
# Database access resources
database:
userName: app-demo-user
secretName: app-demo-database-secret
password: ""

81
7project/checklist.md
View File

@@ -1,81 +0,0 @@
# Project Evaluation Checklist
The group earn points by completing items from the categories below.
You are not expected to complete all items.
Focus on areas that align with your project goals and interests.
The core deliverables are required.
This means that you must get at least 2 points for each item in this category.
| **Category** | **Item** | **Max Points** | **Points** |
| -------------------------------- | --------------------------------------- | -------------- | ---------------- |
| **Core Deliverables (Required)** | | | |
| Codebase & Organization | Well-organized project structure | 5 | |
| | Clean, readable code | 5 | |
| | Use planning tool (e.g., GitHub issues) | 5 | |
| | Proper version control usage | 5 | |
| | Complete source code | 5 | |
| Documentation | Comprehensive reproducibility report | 10 | |
| | Updated design document | 5 | |
| | Clear build/deployment instructions | 5 | |
| | Troubleshooting guide | 5 | |
| | Completed self-assessment table | 5 | |
| | Hour sheets for all members | 5 | |
| Presentation Video | Project demonstration | 5 | |
| | Code walk-through | 5 | |
| | Deployment showcase | 5 | |
| **Technical Implementation** | | | |
| Application Functionality | Basic functionality works | 10 | |
| | Advanced features implemented | 10 | |
| | Error handling & robustness | 10 | |
| | User-friendly interface | 5 | |
| Backend & Architecture | Stateless web server | 5 | |
| | Stateful application | 10 | |
| | Database integration | 10 | |
| | API design | 5 | |
| | Microservices architecture | 10 | |
| Cloud Integration | Basic cloud deployment | 10 | |
| | Cloud APIs usage | 10 | |
| | Serverless components | 10 | |
| | Advanced cloud services | 5 | |
| **DevOps & Deployment** | | | |
| Containerization | Basic Dockerfile | 5 | |
| | Optimized Dockerfile | 5 | |
| | Docker Compose | 5 | |
| | Persistent storage | 5 | |
| Deployment & Scaling | Manual deployment | 5 | |
| | Automated deployment | 5 | |
| | Multiple replicas | 5 | |
| | Kubernetes deployment | 10 | |
| **Quality Assurance** | | | |
| Testing | Unit tests | 5 | |
| | Integration tests | 5 | |
| | End-to-end tests | 5 | |
| | Performance testing | 5 | |
| Monitoring & Operations | Health checks | 5 | |
| | Logging | 5 | |
| | Metrics/Monitoring | 5 | |
| Security | HTTPS/TLS | 5 | |
| | Authentication | 5 | |
| | Authorization | 5 | |
| **Innovation & Excellence** | | | |
| Advanced Features and | AI/ML Integration | 10 | |
| Technical Excellence | Real-time features | 10 | |
| | Creative problem solving | 10 | |
| | Performance optimization | 5 | |
| | Exceptional user experience | 5 | |
| **Total** | | **255** | **[Your Total]** |
## Grading Scale
- **Minimum Required: 100 points**
- **Maximum: 200+ points**
| Grade | Points |
| ----- | -------- |
| A | 180-200+ |
| B | 160-179 |
| C | 140-159 |
| D | 120-139 |
| E | 100-119 |
| F | 0-99 |

2
7project/frontend/src/config.ts
View File

@@ -1,2 +0,0 @@
export const BACKEND_URL: string =
import.meta.env.VITE_BACKEND_URL ?? '';

54
7project/meetings/meeting-9-10.md
View File

@@ -1,54 +0,0 @@
# Weekly Meeting Notes
- Group 8 - Personal finance tracker
- Mentor: Jaychander
Keep all meeting notes in the `meetings.md` file in your project folder.
Just copy the template below for each weekly meeting and fill in the details.
## Administrative Info
- Date: 2025-10-08
- Attendees: Dejan Ribarovski, Lukas Trkan
- Notetaker: Dejan Ribarovski
## Progress Update (Before Meeting)
Summary of what has been accomplished since the last meeting in the following categories.
### Coding
Lukas has implemented the template source directories, source files and config files necessary for deployment
- docker compose for database, redis cache and rabbit MQ
- tofu
- backend template
- frontend template
- charts templates
### Documentation
- Created GitHub issues for the next steps
- Added this document + checklist and report
## Questions and Topics for Discussion (Before Meeting)
Prepare 3-5 questions and topics you want to discuss with your mentor.
1. Anything we should add structure-wise?
2. Anything you would like us to prioritize until next week?
## Discussion Notes (During Meeting)
- start working on the report
- start coding the actual code
- write problems solved
- redo the system diagram - see the response as well
- create a meetings folder wih seperate meetings files
## Action Items for Next Week (During Meeting)
Last 3 minutes of the meeting, summarize action items.
- [ ] start coding the app logic
- [ ] start writing the report so it matches the actual progress
- [ ] redo the system diagram so it includes a response flow
---

41
7project/meetings/meeting-template.md
View File

@@ -1,41 +0,0 @@
# Weekly Meeting Notes
- Group X - Project Title
- Mentor: Mentor Name
Keep all meeting notes in the `meetings.md` file in your project folder.
Just copy the template below for each weekly meeting and fill in the details.
## Administrative Info
- Date: 2025-09-19
- Attendees: Name1, Name2, Name3
- Notetaker: Name1
## Progress Update (Before Meeting)
Summary of what has been accomplished since the last meeting in the following categories.
### Coding
### Documentation
## Questions and Topics for Discussion (Before Meeting)
Prepare 3-5 questions and topics you want to discuss with your mentor.
1. Question 1
2. Question 2
3. Question 3
## Discussion Notes (During Meeting)
## Action Items for Next Week (During Meeting)
Last 3 minutes of the meeting, summarize action items.
- [ ] Action Item 1
- [ ] Action Item 2
- [ ] Action Item 3
---

302
7project/report.md
View File

@@ -1,302 +0,0 @@
# Project Report
> **Instructions**:
> This template provides the structure for your project report.
> Replace the placeholder text with your actual content.
> Remove instructions that are not relevant for your project, but leave the headings along with a (NA) label.
## Project Overview
**Project Name**: [Your project name]
**Group Members**:
- Student number, Name, GitHub username
- Student number, Name, GitHub username
- Student number, Name, GitHub username
**Brief Description**:
[2-3 sentences describing what your application does and its main purpose]
## Architecture Overview
### High-Level Architecture
[Describe the overall system architecture. Consider including a diagram using mermaid or linking to an image]
```mermaid
graph TD
A[Component A] --> B[Component B]
B --> C[Component C]
```
### Components
- **Component 1**: [Description of what this component does]
- **Component 2**: [Description of what this component does]
- **Component 3**: [Description of what this component does]
### Technologies Used
- **Backend**: [e.g., Go, Node.js, Python]
- **Database**: [e.g., PostgreSQL, MongoDB, Redis]
- **Cloud Services**: [e.g., AWS EC2, Google Cloud Run, Azure Functions]
- **Container Orchestration**: [e.g., Docker, Kubernetes]
- **Other**: [List other significant technologies]
## Prerequisites
### System Requirements
- Operating System: [e.g., Linux, macOS, Windows]
- Minimum RAM: [e.g., 8GB]
- Storage: [e.g., 10GB free space]
### Required Software
- [Software 1] (version X.X or higher)
- [Software 2] (version X.X or higher)
- [etc.]
### Dependencies
```bash
# List key dependencies that need to be installed
# For example:
# Docker Engine 20.10+
# Node.js 18+
# Go 1.25+
```
## Build Instructions
### 1. Clone the Repository
```bash
git clone [your-repository-url]
cd [repository-name]
```
### 2. Install Dependencies
```bash
# Provide step-by-step commands
# For example:
# npm install
# go mod download
```
### 3. Build the Application
```bash
# Provide exact build commands
# For example:
# make build
# docker build -t myapp .
```
### 4. Configuration
```bash
# Any configuration steps needed
# Environment variables to set
# Configuration files to create
```
## Deployment Instructions
### Local Deployment
```bash
# Step-by-step commands for local deployment
# For example:
# docker-compose up -d
# kubectl apply -f manifests/
```
### Cloud Deployment
```bash
# Commands for cloud deployment
# Include any cloud-specific setup
```
### Verification
```bash
# Commands to verify deployment worked
# How to check if services are running
# Example health check endpoints
```
## Testing Instructions
### Unit Tests
```bash
# Commands to run unit tests
# For example:
# go test ./...
# npm test
```
### Integration Tests
```bash
# Commands to run integration tests
# Any setup required for integration tests
```
### End-to-End Tests
```bash
# Commands to run e2e tests
# How to set up test environment
```
## Usage Examples
### Basic Usage
```bash
# Examples of how to use the application
# Common commands or API calls
# Sample data or test scenarios
```
### Advanced Features
```bash
# Examples showcasing advanced functionality
```
---
## Presentation Video
**YouTube Link**: [Insert your YouTube link here]
**Duration**: [X minutes Y seconds]
**Video Includes**:
- [ ] Project overview and architecture
- [ ] Live demonstration of key features
- [ ] Code walkthrough
- [ ] Build and deployment showcase
## Troubleshooting
### Common Issues
#### Issue 1: [Common problem]
**Symptoms**: [What the user sees]
**Solution**: [Step-by-step fix]
#### Issue 2: [Another common problem]
**Symptoms**: [What the user sees]
**Solution**: [Step-by-step fix]
### Debug Commands
```bash
# Useful commands for debugging
# Log viewing commands
# Service status checks
```
---
## Self-Assessment Table
> Be honest and detailed in your assessments.
> This information is used for individual grading.
> Link to the specific commit on GitHub for each contribution.
| Task/Component | Assigned To | Status | Time Spent | Difficulty | Notes |
| ------------------------------------------------------------------- | ----------- | ------------- | ---------- | ---------- | ----------- |
| Project Setup & Repository | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] |
| [Design Document](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] |
| [Backend API Development](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Hard | [Any notes] |
| [Database Setup & Models](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] |
| [Frontend Development](https://github.com/dat515-2025/group-name) | [Name] | 🔄 In Progress | [X hours] | Medium | [Any notes] |
| [Docker Configuration](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] |
| [Cloud Deployment](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Hard | [Any notes] |
| [Testing Implementation](https://github.com/dat515-2025/group-name) | [Name] | ⏳ Pending | [X hours] | Medium | [Any notes] |
| [Documentation](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] |
| [Presentation Video](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] |
**Legend**: ✅ Complete | 🔄 In Progress | ⏳ Pending | ❌ Not Started
## Hour Sheet
> Link to the specific commit on GitHub for each contribution.
### [Team Member 1 Name]
| Date | Activity | Hours | Description |
| --------- | ------------------- | ---------- | ----------------------------------- |
| [Date] | Initial Setup | [X.X] | Repository setup, project structure |
| [Date] | Backend Development | [X.X] | Implemented user authentication |
| [Date] | Testing | [X.X] | Unit tests for API endpoints |
| [Date] | Documentation | [X.X] | Updated README and design doc |
| **Total** | | **[XX.X]** | |
### [Team Member 2 Name]
| Date | Activity | Hours | Description |
| --------- | -------------------- | ---------- | ----------------------------------------- |
| [Date] | Frontend Development | [X.X] | Created user interface mockups |
| [Date] | Integration | [X.X] | Connected frontend to backend API |
| [Date] | Deployment | [X.X] | Docker configuration and cloud deployment |
| [Date] | Testing | [X.X] | End-to-end testing |
| **Total** | | **[XX.X]** | |
### [Team Member 3 Name] (if applicable)
| Date | Activity | Hours | Description |
| --------- | ------------------------ | ---------- | -------------------------------- |
| [Date] | Database Design | [X.X] | Schema design and implementation |
| [Date] | Cloud Configuration | [X.X] | AWS/GCP setup and configuration |
| [Date] | Performance Optimization | [X.X] | Caching and query optimization |
| [Date] | Monitoring | [X.X] | Logging and monitoring setup |
| **Total** | | **[XX.X]** | |
### Group Total: [XXX.X] hours
---
## Final Reflection
### What We Learned
[Reflect on the key technical and collaboration skills learned during this project]
### Challenges Faced
[Describe the main challenges and how you overcame them]
### If We Did This Again
[What would you do differently? What worked well that you'd keep?]
### Individual Growth
#### [Team Member 1 Name]
[Personal reflection on growth, challenges, and learning]
#### [Team Member 2 Name]
[Personal reflection on growth, challenges, and learning]
#### [Team Member 3 Name] (if applicable)
[Personal reflection on growth, challenges, and learning]
---
**Report Completion Date**: [Date]
**Last Updated**: [Date]

42
7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml
View File

@@ -1,42 +0,0 @@
{{- if .Values.s3.enabled }}
apiVersion: k8s.mariadb.com/v1alpha1
kind: Backup
metadata:
name: backup
namespace: mariadb-operator
spec:
mariaDbRef:
name: mariadb-repl
namespace: mariadb-operator
schedule:
cron: "0 */3 * * *"
suspend: false
timeZone: "Europe/Prague"
maxRetention: 720h # 30 days
compression: bzip2
storage:
s3:
bucket: {{ .Values.s3.bucket | quote }}
endpoint: {{ .Values.s3.endpoint | quote }}
accessKeyIdSecretKeyRef:
name: s3-credentials
key: key_id
secretAccessKeySecretKeyRef:
name: s3-credentials
key: secret_key
region: {{ .Values.s3.region | quote }}
tls:
enabled: true
# Define a PVC to use as staging area for keeping the backups while they are being processed.
stagingStorage:
persistentVolumeClaim:
resources:
requests:
storage: 10Gi
accessModes:
- ReadWriteOnce
args:
- --single-transaction
- --all-databases
logLevel: info
{{- end }}

11
7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml
View File

@@ -1,11 +0,0 @@
{{- if .Values.s3.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: s3-credentials
namespace: mariadb-operator
type: Opaque
stringData:
key_id: "{{ .Values.s3.key_id }}"
secret_key: "{{ .Values.s3.key_secret }}"
{{- end }}

82
7project/tofu/modules/maxscale/main.tf
View File

@@ -1,82 +0,0 @@
terraform {
required_providers {
kubectl = {
source = "gavinbunney/kubectl"
version = "1.19.0"
}
helm = {
source = "hashicorp/helm"
version = "3.0.2"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.38.0"
}
}
}
resource "kubernetes_namespace" "mariadb-operator" {
metadata {
name = "mariadb-operator"
}
}
locals {
mariadb_secret_yaml = templatefile("${path.module}/mariadb-secret.yaml", {
password = var.mariadb_password
user_password = var.mariadb_user_password
root_password = var.mariadb_root_password
})
}
resource "kubectl_manifest" "secrets" {
yaml_body = local.mariadb_secret_yaml
depends_on = [kubernetes_namespace.mariadb-operator]
}
resource "helm_release" "mariadb-operator-crds" {
name = "mariadb-operator-crds"
repository = "https://helm.mariadb.com/mariadb-operator"
chart = "mariadb-operator-crds"
namespace = "mariadb-operator"
version = "25.8.4"
depends_on = [kubectl_manifest.secrets]
timeout = 3600
}
resource "helm_release" "mariadb-operator" {
name = "mariadb-operator"
repository = "https://helm.mariadb.com/mariadb-operator"
chart = "mariadb-operator"
depends_on = [helm_release.mariadb-operator-crds, kubectl_manifest.secrets]
namespace = "mariadb-operator"
version = "25.8.3"
timeout = 3600
}
resource "helm_release" "maxscale_helm" {
name = "maxscale-helm"
chart = "${path.module}/charts/maxscale-helm"
version = "1.0.14"
depends_on = [helm_release.mariadb-operator-crds, kubectl_manifest.secrets]
timeout = 3600
set = [
{ name = "user.name", value = var.mariadb_user_name },
{ name = "user.host", value = var.mariadb_user_host },
{ name = "metallb.maxscale_ip", value = var.maxscale_ip },
{ name = "metallb.service_ip", value = var.service_ip },
{ name = "metallb.primary_ip", value = var.primary_ip },
{ name = "metallb.secondary_ip", value = var.secondary_ip },
{ name = "phpmyadmin.enabled", value = tostring(var.phpmyadmin_enabled) },
{ name = "base_domain", value = var.cloudflare_domain },
{ name = "s3.key_id", value = var.s3_key_id },
{ name = "s3.key_secret", value = var.s3_key_secret },
{ name = "s3.enabled", value = var.s3_enabled },
{ name = "s3.endpoint", value = var.s3_endpoint },
{ name = "s3.region", value = var.s3_region },
{ name = "s3.bucket", value = var.s3_bucket },
]
}

33
7project/tofu/modules/metrics-server/main.tf
View File

@@ -1,33 +0,0 @@
terraform {
required_providers {
kubectl = {
source = "gavinbunney/kubectl"
version = "1.19.0"
}
helm = {
source = "hashicorp/helm"
version = "3.0.2"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.38.0"
}
}
}
# Deploy metrics-server via Helm into kube-system namespace
resource "helm_release" "metrics_server" {
name = "metrics-server"
repository = "https://kubernetes-sigs.github.io/metrics-server/"
chart = "metrics-server"
namespace = "kube-system"
wait = true
timeout = 600
recreate_pods = false
force_update = false
values = [
file("${path.module}/values.yaml")
]
}

15
7project/tofu/modules/metrics-server/values.yaml
View File

@@ -1,15 +0,0 @@
# Values overriding defaults for metrics-server Helm chart
# Fix TLS and address selection issues when scraping kubelets (common on Talos)
args:
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
- --kubelet-use-node-status-port=true
# Using hostNetwork often helps in restricted CNI/DNS environments
#hostNetwork: true
# Required when hostNetwork is true so DNS works as expected
#dnsPolicy: ClusterFirstWithHostNet
# Enable metrics API service monitor if Prometheus Operator is present (optional)
# serviceMonitor:
# enabled: true

14
7project/tofu/modules/prometheus/grafana-ui.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: networking.cfargotunnel.com/v1alpha1
kind: TunnelBinding
metadata:
name: grafana-tunnel-binding
namespace: monitoring
subjects:
- name: grafana
spec:
target: http://kube-prometheus-stack-grafana.monitoring.svc.cluster.local
fqdn: grafana.${base_domain}
noTlsVerify: true
tunnelRef:
kind: ClusterTunnel
name: cluster-tunnel

66
7project/tofu/modules/prometheus/main.tf
View File

@@ -1,66 +0,0 @@
terraform {
required_providers {
kubectl = {
source = "gavinbunney/kubectl"
version = "1.19.0"
}
helm = {
source = "hashicorp/helm"
version = "3.0.2"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.38.0"
}
kustomization = {
source = "kbst/kustomization"
version = "0.9.6"
}
time = {
source = "hashicorp/time"
version = "0.13.1"
}
}
}
# Create namespace for monitoring
resource "kubernetes_namespace" "monitoring" {
metadata {
name = "monitoring"
labels = {
"pod-security.kubernetes.io/enforce" = "privileged"
}
}
}
# Deploy kube-prometheus-stack
resource "helm_release" "kube_prometheus_stack" {
name = "kube-prometheus-stack"
repository = "https://prometheus-community.github.io/helm-charts"
chart = "kube-prometheus-stack"
namespace = kubernetes_namespace.monitoring.metadata[0].name
version = "67.2.1" # Check for latest version
# Wait for CRDs to be created
wait = true
timeout = 600
force_update = false
recreate_pods = false
# Reference the values file
values = [
file("${path.module}/values.yaml")
]
depends_on = [
kubernetes_namespace.monitoring
]
}
resource "kubectl_manifest" "argocd-tunnel-bind" {
depends_on = [helm_release.kube_prometheus_stack]
yaml_body = templatefile("${path.module}/grafana-ui.yaml", {
base_domain = var.cloudflare_domain
})
}

189
7project/tofu/modules/prometheus/values.yaml
View File

@@ -1,189 +0,0 @@
# Prometheus configuration
prometheus:
prometheusSpec:
retention: 30d
retentionSize: "45GB"
# Storage configuration
storageSpec:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
# storageClassName: "your-storage-class" # Uncomment and specify if needed
# Resource limits
resources:
requests:
cpu: 500m
memory: 2Gi
limits:
cpu: 2000m
memory: 4Gi
# Scrape interval
scrapeInterval: 30s
evaluationInterval: 30s
# Service configuration
service:
type: ClusterIP
port: 9090
# Ingress (disabled by default)
ingress:
enabled: false
# ingressClassName: nginx
# hosts:
# - prometheus.example.com
# tls:
# - secretName: prometheus-tls
# hosts:
# - prometheus.example.com
# Grafana configuration
grafana:
enabled: true
# Admin credentials
adminPassword: "admin" # CHANGE THIS IN PRODUCTION!
# Persistence
persistence:
enabled: true
size: 10Gi
# storageClassName: "your-storage-class" # Uncomment and specify if needed
# Resource limits
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
# Service configuration
service:
type: ClusterIP
port: 80
# Ingress (disabled by default)
ingress:
enabled: false
# ingressClassName: nginx
# hosts:
# - grafana.example.com
# tls:
# - secretName: grafana-tls
# hosts:
# - grafana.example.com
# Default dashboards
defaultDashboardsEnabled: true
defaultDashboardsTimezone: Europe/Prague
# Alertmanager configuration
alertmanager:
enabled: true
alertmanagerSpec:
# Storage configuration
storage:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
# storageClassName: "your-storage-class" # Uncomment and specify if needed
# Resource limits
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
# Service configuration
service:
type: ClusterIP
port: 9093
# Ingress (disabled by default)
ingress:
enabled: false
# ingressClassName: nginx
# hosts:
# - alertmanager.example.com
# tls:
# - secretName: alertmanager-tls
# hosts:
# - alertmanager.example.com
# Alertmanager configuration
config:
global:
resolve_timeout: 5m
route:
group_by: [ 'alertname', 'cluster', 'service' ]
group_wait: 10s
group_interval: 10s
repeat_interval: 12h
receiver: 'null'
routes:
- match:
alertname: Watchdog
receiver: 'null'
receivers:
- name: 'null'
# Add your receivers here (email, slack, pagerduty, etc.)
# - name: 'slack'
# slack_configs:
# - api_url: 'YOUR_SLACK_WEBHOOK_URL'
# channel: '#alerts'
# title: '{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}'
# text: '{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}'
# Node Exporter
nodeExporter:
enabled: true
# Kube State Metrics
kubeStateMetrics:
enabled: true
# Prometheus Operator
prometheusOperator:
enabled: true
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
# Service Monitors
# Automatically discover and monitor services with appropriate labels
prometheus-node-exporter:
prometheus:
monitor:
enabled: true
# Additional ServiceMonitors can be defined here
# additionalServiceMonitors: []
# Global settings
global:
rbac:
create: true

5
7project/tofu/modules/prometheus/variables.tf
View File

@@ -1,5 +0,0 @@
variable "cloudflare_domain" {
type = string
default = "Base cloudflare domain, e.g. example.com"
nullable = false
}

91
7project/tofu/modules/rabbitmq/main.tf
View File

@@ -1,91 +0,0 @@
terraform {
required_providers {
kubectl = {
source = "gavinbunney/kubectl"
version = "1.19.0"
}
helm = {
source = "hashicorp/helm"
version = "3.0.2" # Doporučuji použít novější verzi providera
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.38.0" # Doporučuji použít novější verzi providera
}
# Ostatní provideři mohou zůstat
}
}
resource "kubernetes_namespace" "rabbitmq_namespace" {
metadata {
name = "rabbitmq-system"
}
}
resource "helm_release" "rabbitmq_operator" {
name = "rabbitmq-cluster-operator"
repository = "oci://registry-1.docker.io/bitnamicharts"
chart = "rabbitmq-cluster-operator"
version = "4.4.34"
namespace = "rabbitmq-system"
# Zde můžete přepsat výchozí hodnoty chartu, pokud by bylo potřeba
# Například sledovat jen určité namespace, nastavit tolerations atd.
# Pro základní instalaci není potřeba nic měnit.
# values = [
# templatefile("${path.module}/values/operator-values.yaml", {})
# ]
set = [
{
name = "rabbitmqImage.repository"
value = "bitnamilegacy/rabbitmq"
},
{
name = "clusterOperator.image.repository"
value = "bitnamilegacy/rabbitmq-cluster-operator"
},
{
name = "msgTopologyOperator.image.repository"
value = "bitnamilegacy/rmq-messaging-topology-operator"
},
{
name = "credentialUpdaterImage.repository"
value = "bitnamilegacy/rmq-default-credential-updater"
},
{
name = "clusterOperator.metrics.service.enabled"
value = "true"
},
{
name = "clusterOperator.metrics.service.enabled"
value = "true"
}
]
depends_on = [kubernetes_namespace.rabbitmq_namespace]
}
resource "kubectl_manifest" "rabbitmq_cluster" {
yaml_body = templatefile("${path.module}/rabbit-cluster.yaml", {
replicas = var.rabbitmq_replicas
password = var.rabbitmq-password
})
depends_on = [
helm_release.rabbitmq_operator
]
}
resource "kubectl_manifest" "rabbit_ui" {
yaml_body = templatefile("${path.module}/rabbit-ui.yaml", {
base_domain = var.base_domain
})
depends_on = [
kubectl_manifest.rabbitmq_cluster
]
}

5
7project/tofu/modules/rabbitmq/rabbit-cluster.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: 'rabbitmq-cluster'
namespace: "rabbitmq-system"

0
7project/README.md → README.md
View File

3
7project/backend/Dockerfile → backend/Dockerfile
View File

@@ -1,8 +1,7 @@
FROM python:3.11-slim FROM python:3.11-slim
WORKDIR /app WORKDIR /app
COPY requirements.txt . COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt RUN pip install --no-cache-dir -r requirements.txt
COPY . . COPY . .
EXPOSE 8000 EXPOSE 8000
CMD alembic upgrade head && uvicorn app.app:fastApi --host 0.0.0.0 --port 8000 CMD alembic upgrade head && uvicorn app.app:app --host 0.0.0.0 --port 8000

2
7project/backend/alembic.ini → backend/alembic.ini
View File

@@ -11,7 +11,7 @@ script_location = %(here)s/alembic
# Uncomment the line below if you want the files to be prepended with date and time # Uncomment the line below if you want the files to be prepended with date and time
# see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file # see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file
# for all available tokens # for all available tokens
file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s # file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
# sys.path path, will be prepended to sys.path if present. # sys.path path, will be prepended to sys.path if present.
# defaults to the current working directory. for multiple paths, the path separator # defaults to the current working directory. for multiple paths, the path separator

5
7project/backend/alembic/env.py → backend/alembic/env.py
View File

@@ -23,10 +23,9 @@ if not DATABASE_URL:
mariadb_password = os.getenv("MARIADB_PASSWORD", "strongpassword") mariadb_password = os.getenv("MARIADB_PASSWORD", "strongpassword")
DATABASE_URL = f"mysql+pymysql://{mariadb_user}:{mariadb_password}@{mariadb_host}:{mariadb_port}/{mariadb_db}" DATABASE_URL = f"mysql+pymysql://{mariadb_user}:{mariadb_password}@{mariadb_host}:{mariadb_port}/{mariadb_db}"
# Use synchronous driver for Alembic migrations
SYNC_DATABASE_URL = DATABASE_URL.replace("+asyncmy", "+pymysql") SYNC_DATABASE_URL = DATABASE_URL.replace("+asyncmy", "+pymysql")
ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost"
connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}
def run_migrations_offline() -> None: def run_migrations_offline() -> None:
context.configure( context.configure(
@@ -40,7 +39,7 @@ def run_migrations_offline() -> None:
def run_migrations_online() -> None: def run_migrations_online() -> None:
connectable = create_engine(SYNC_DATABASE_URL, poolclass=pool.NullPool, connect_args=connect_args) connectable = create_engine(SYNC_DATABASE_URL, poolclass=pool.NullPool)
with connectable.connect() as connection: with connectable.connect() as connection:
context.configure( context.configure(
connection=connection, connection=connection,

0
7project/backend/alembic/script.py.mako → backend/alembic/script.py.mako
View File

41
7project/backend/alembic/versions/2025_10_09_1456-63e072f09836_add_categories.py → backend/alembic/versions/81f275275556_init_migration.py
View File

@@ -1,8 +1,8 @@
"""add categories """Init migration
Revision ID: 63e072f09836 Revision ID: 81f275275556
Revises: Revises:
Create Date: 2025-10-09 14:56:14.653249 Create Date: 2025-09-24 17:39:25.346690
""" """
from typing import Sequence, Union from typing import Sequence, Union
@@ -13,7 +13,7 @@ import sqlalchemy as sa
# revision identifiers, used by Alembic. # revision identifiers, used by Alembic.
revision: str = '63e072f09836' revision: str = '81f275275556'
down_revision: Union[str, Sequence[str], None] = None down_revision: Union[str, Sequence[str], None] = None
branch_labels: Union[str, Sequence[str], None] = None branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None depends_on: Union[str, Sequence[str], None] = None
@@ -22,6 +22,12 @@ depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None: def upgrade() -> None:
"""Upgrade schema.""" """Upgrade schema."""
# ### commands auto generated by Alembic - please adjust! ### # ### commands auto generated by Alembic - please adjust! ###
op.create_table('transaction',
sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
sa.Column('amount', sa.Float(), nullable=False),
sa.Column('description', sa.String(length=255), nullable=True),
sa.PrimaryKeyConstraint('id')
)
op.create_table('user', op.create_table('user',
sa.Column('first_name', sa.String(length=100), nullable=True), sa.Column('first_name', sa.String(length=100), nullable=True),
sa.Column('last_name', sa.String(length=100), nullable=True), sa.Column('last_name', sa.String(length=100), nullable=True),
@@ -34,38 +40,13 @@ def upgrade() -> None:
sa.PrimaryKeyConstraint('id') sa.PrimaryKeyConstraint('id')
) )
op.create_index(op.f('ix_user_email'), 'user', ['email'], unique=True) op.create_index(op.f('ix_user_email'), 'user', ['email'], unique=True)
op.create_table('categories',
sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
sa.Column('name', sa.String(length=100), nullable=False),
sa.Column('description', sa.String(length=255), nullable=True),
sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
sa.PrimaryKeyConstraint('id'),
sa.UniqueConstraint('name')
)
op.create_table('transaction',
sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
sa.Column('amount', sa.Float(), nullable=False),
sa.Column('description', sa.String(length=255), nullable=True),
sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
sa.PrimaryKeyConstraint('id')
)
op.create_table('category_transaction',
sa.Column('id_category', sa.Integer(), nullable=True),
sa.Column('id_transaction', sa.Integer(), nullable=True),
sa.ForeignKeyConstraint(['id_category'], ['categories.id'], ),
sa.ForeignKeyConstraint(['id_transaction'], ['transaction.id'], )
)
# ### end Alembic commands ### # ### end Alembic commands ###
def downgrade() -> None: def downgrade() -> None:
"""Downgrade schema.""" """Downgrade schema."""
# ### commands auto generated by Alembic - please adjust! ### # ### commands auto generated by Alembic - please adjust! ###
op.drop_table('category_transaction')
op.drop_table('transaction')
op.drop_table('categories')
op.drop_index(op.f('ix_user_email'), table_name='user') op.drop_index(op.f('ix_user_email'), table_name='user')
op.drop_table('user') op.drop_table('user')
op.drop_table('transaction')
# ### end Alembic commands ### # ### end Alembic commands ###

0
7project/backend/app/__init__.py → backend/app/__init__.py
View File

0
7project/backend/app/api/.keep → backend/app/api/.keep
View File

0
7project/backend/app/api/__init__.py → backend/app/api/__init__.py
View File

56
backend/app/app.py Normal file
View File

@@ -0,0 +1,56 @@
from fastapi import Depends, FastAPI
from fastapi.middleware.cors import CORSMiddleware
from app.models.user import User
from app.schemas.user import UserCreate, UserRead, UserUpdate
from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users
app = FastAPI()
# CORS for frontend dev server
app.add_middleware(
CORSMiddleware,
allow_origins=[
"http://localhost:5173",
"http://127.0.0.1:5173",
],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
app.include_router(
fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
)
app.include_router(
fastapi_users.get_register_router(UserRead, UserCreate),
prefix="/auth",
tags=["auth"],
)
app.include_router(
fastapi_users.get_reset_password_router(),
prefix="/auth",
tags=["auth"],
)
app.include_router(
fastapi_users.get_verify_router(UserRead),
prefix="/auth",
tags=["auth"],
)
app.include_router(
fastapi_users.get_users_router(UserRead, UserUpdate),
prefix="/users",
tags=["users"],
)
# Liveness/root endpoint
@app.get("/", include_in_schema=False)
async def root():
return {"status": "ok"}
@app.get("/authenticated-route")
async def authenticated_route(user: User = Depends(current_active_verified_user)):
return {"message": f"Hello {user.email}!"}

0
7project/backend/app/core/__init__.py → backend/app/core/__init__.py
View File

0
7project/backend/app/core/base.py → backend/app/core/base.py
View File

2
7project/backend/app/core/db.py → backend/app/core/db.py
View File

@@ -15,9 +15,9 @@ if not DATABASE_URL:
raise Exception("Only MariaDB is supported. Please set the DATABASE_URL environment variable.") raise Exception("Only MariaDB is supported. Please set the DATABASE_URL environment variable.")
# Load all models to register them # Load all models to register them
from app.models.user import User from app.models.user import User
from app.models.transaction import Transaction from app.models.transaction import Transaction
from app.models.categories import Category
ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost" ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost"
connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {} connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}

35
backend/app/core/queue.py Normal file
View File

@@ -0,0 +1,35 @@
import json
import os
from typing import Any, Dict
import asyncio
RABBITMQ_URL = os.getenv("RABBITMQ_URL") or (
f"amqp://{os.getenv('RABBITMQ_USERNAME', 'user')}:"
f"{os.getenv('RABBITMQ_PASSWORD', 'bitnami123')}@"
f"{os.getenv('RABBITMQ_HOST', 'localhost')}:"
f"{os.getenv('RABBITMQ_PORT', '5672')}"
)
QUEUE_NAME = os.getenv("MAIL_QUEUE", "mail_queue")
async def _publish_async(message: Dict[str, Any]) -> None:
import aio_pika
connection = await aio_pika.connect_robust(RABBITMQ_URL)
try:
channel = await connection.channel()
await channel.declare_queue(QUEUE_NAME, durable=True)
body = json.dumps(message).encode("utf-8")
await channel.default_exchange.publish(
aio_pika.Message(body=body, delivery_mode=aio_pika.DeliveryMode.PERSISTENT),
routing_key=QUEUE_NAME,
)
finally:
await connection.close()
def enqueue_email(to: str, subject: str, body: str) -> None:
message = {"type": "email", "to": to, "subject": subject, "body": body}
try:
loop = asyncio.get_running_loop()
loop.create_task(_publish_async(message))
except RuntimeError:
asyncio.run(_publish_async(message))

0
7project/backend/app/models/__init__.py → backend/app/models/__init__.py
View File

9
backend/app/models/transaction.py Normal file
View File

@@ -0,0 +1,9 @@
from sqlalchemy import Column, Integer, String, Float
from app.core.base import Base
class Transaction(Base):
__tablename__ = "transaction"
id = Column(Integer, primary_key=True, autoincrement=True)
amount = Column(Float, nullable=False)
description = Column(String(length=255), nullable=True)

7
backend/app/models/user.py Normal file
View File

@@ -0,0 +1,7 @@
from sqlalchemy import Column, String
from fastapi_users.db import SQLAlchemyBaseUserTableUUID
from app.core.base import Base
class User(SQLAlchemyBaseUserTableUUID, Base):
first_name = Column(String(length=100), nullable=True)
last_name = Column(String(length=100), nullable=True)

0
7project/backend/app/oauth/__init__.py → backend/app/schemas/__init__.py
View File

6
7project/backend/app/schemas/user.py → backend/app/schemas/user.py
View File

@@ -4,13 +4,13 @@ from fastapi_users import schemas
class UserRead(schemas.BaseUser[uuid.UUID]): class UserRead(schemas.BaseUser[uuid.UUID]):
first_name: Optional[str] = None first_name: Optional[str] = None
last_name: Optional[str] = None surname: Optional[str] = None
class UserCreate(schemas.BaseUserCreate): class UserCreate(schemas.BaseUserCreate):
first_name: Optional[str] = None first_name: Optional[str] = None
last_name: Optional[str] = None surname: Optional[str] = None
class UserUpdate(schemas.BaseUserUpdate): class UserUpdate(schemas.BaseUserUpdate):
first_name: Optional[str] = None first_name: Optional[str] = None
last_name: Optional[str] = None surname: Optional[str] = None

0
7project/backend/app/schemas/__init__.py → backend/app/services/__init__.py
View File

6
7project/backend/app/services/db.py → backend/app/services/db.py
View File

@@ -4,13 +4,11 @@ from sqlalchemy.ext.asyncio import AsyncSession
from fastapi_users.db import SQLAlchemyUserDatabase from fastapi_users.db import SQLAlchemyUserDatabase
from ..core.db import async_session_maker from ..core.db import async_session_maker
from ..models.user import User, OAuthAccount from ..models.user import User
async def get_async_session() -> AsyncGenerator[AsyncSession, None]: async def get_async_session() -> AsyncGenerator[AsyncSession, None]:
async with async_session_maker() as session: async with async_session_maker() as session:
yield session yield session
async def get_user_db(session: AsyncSession = Depends(get_async_session)): async def get_user_db(session: AsyncSession = Depends(get_async_session)):
yield SQLAlchemyUserDatabase(session, User, OAuthAccount) yield SQLAlchemyUserDatabase(session, User)

51
7project/backend/app/services/user_service.py → backend/app/services/user_service.py
View File

@@ -3,66 +3,26 @@ import uuid
from typing import Optional from typing import Optional
from fastapi import Depends, Request from fastapi import Depends, Request
from fastapi_users import BaseUserManager, FastAPIUsers, UUIDIDMixin, models from fastapi_users import BaseUserManager, FastAPIUsers, UUIDIDMixin
from fastapi_users.authentication import ( from fastapi_users.authentication import (
AuthenticationBackend, AuthenticationBackend,
BearerTransport, BearerTransport,
JWTStrategy,
) )
from fastapi_users.authentication.strategy.jwt import JWTStrategy
from fastapi_users.db import SQLAlchemyUserDatabase from fastapi_users.db import SQLAlchemyUserDatabase
from httpx_oauth.oauth2 import BaseOAuth2
from app.models.user import User from app.models.user import User
from app.oauth.bank_id import BankID
from app.oauth.custom_openid import CustomOpenID
from app.oauth.moje_id import MojeIDOAuth
from app.services.db import get_user_db from app.services.db import get_user_db
from app.core.queue import enqueue_email from app.core.queue import enqueue_email
SECRET = os.getenv("SECRET", "CHANGE_ME_SECRET") SECRET = os.getenv("SECRET", "CHANGE_ME_SECRET")
FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:5173") FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:5173")
BACKEND_URL = os.getenv("BACKEND_URL", "http://localhost:8000") BACKEND_URL = os.getenv("BACKEND_URL", "http://localhost:8000")
providers = {
"MojeID": MojeIDOAuth(
os.getenv("MOJEID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
os.getenv("MOJEID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
),
"BankID": BankID(
os.getenv("BANKID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
os.getenv("BANKID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
)
}
def get_oauth_provider(name: str) -> Optional[BaseOAuth2]:
if name not in providers:
return None
return providers[name]
class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]): class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
reset_password_token_secret = SECRET reset_password_token_secret = SECRET
verification_token_secret = SECRET verification_token_secret = SECRET
async def oauth_callback(self: "BaseUserManager[models.UOAP, models.ID]", oauth_name: str, access_token: str,
account_id: str, account_email: str, expires_at: Optional[int] = None,
refresh_token: Optional[str] = None, request: Optional[Request] = None, *,
associate_by_email: bool = False, is_verified_by_default: bool = False) -> models.UOAP:
user = await super().oauth_callback(oauth_name, access_token, account_id, account_email, expires_at,
refresh_token, request, associate_by_email=associate_by_email,
is_verified_by_default=is_verified_by_default)
# set additional user info from the OAuth provider
provider = get_oauth_provider(oauth_name)
if provider is not None and isinstance(provider, CustomOpenID):
update_dict = await provider.get_user_info(access_token)
await self.user_db.update(user, update_dict)
return user
async def on_after_register(self, user: User, request: Optional[Request] = None): async def on_after_register(self, user: User, request: Optional[Request] = None):
await self.request_verify(user, request) await self.request_verify(user, request)
@@ -87,23 +47,19 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
) )
try: try:
enqueue_email(to=user.email, subject=subject, body=body) enqueue_email(to=user.email, subject=subject, body=body)
except Exception as e: except Exception:
print("[Email Fallback] To:", user.email) print("[Email Fallback] To:", user.email)
print("[Email Fallback] Subject:", subject) print("[Email Fallback] Subject:", subject)
print("[Email Fallback] Body:\n", body) print("[Email Fallback] Body:\n", body)
async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)): async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)):
yield UserManager(user_db) yield UserManager(user_db)
bearer_transport = BearerTransport(tokenUrl="auth/jwt/login") bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")
def get_jwt_strategy() -> JWTStrategy: def get_jwt_strategy() -> JWTStrategy:
return JWTStrategy(secret=SECRET, lifetime_seconds=3600) return JWTStrategy(secret=SECRET, lifetime_seconds=3600)
auth_backend = AuthenticationBackend( auth_backend = AuthenticationBackend(
name="jwt", name="jwt",
transport=bearer_transport, transport=bearer_transport,
@@ -114,3 +70,4 @@ fastapi_users = FastAPIUsers[User, uuid.UUID](get_user_manager, [auth_backend])
current_active_user = fastapi_users.current_user(active=True) current_active_user = fastapi_users.current_user(active=True)
current_active_verified_user = fastapi_users.current_user(active=True, verified=True) current_active_verified_user = fastapi_users.current_user(active=True, verified=True)

0
7project/backend/app/services/__init__.py → backend/app/workers/__init__.py
View File

0
7project/backend/main.py → backend/main.py
View File

18
7project/backend/requirements.txt → backend/requirements.txt
View File

@@ -2,21 +2,14 @@ aio-pika==9.5.6
aiormq==6.8.1 aiormq==6.8.1
aiosqlite==0.21.0 aiosqlite==0.21.0
alembic==1.16.5 alembic==1.16.5
amqp==5.3.1
annotated-types==0.7.0 annotated-types==0.7.0
anyio==4.11.0 anyio==4.11.0
argon2-cffi==23.1.0 argon2-cffi==23.1.0
argon2-cffi-bindings==25.1.0 argon2-cffi-bindings==25.1.0
asyncmy==0.2.9 asyncmy==0.2.9
bcrypt==4.3.0 bcrypt==4.3.0
billiard==4.2.2
celery==5.5.3
certifi==2025.10.5
cffi==2.0.0 cffi==2.0.0
click==8.1.8 click==8.1.8
click-didyoumean==0.3.1
click-plugins==1.1.1.2
click-repl==0.3.0
cryptography==46.0.1 cryptography==46.0.1
dnspython==2.7.0 dnspython==2.7.0
email_validator==2.2.0 email_validator==2.2.0
@@ -26,19 +19,13 @@ fastapi-users==14.0.1
fastapi-users-db-sqlalchemy==7.0.0 fastapi-users-db-sqlalchemy==7.0.0
greenlet==3.2.4 greenlet==3.2.4
h11==0.16.0 h11==0.16.0
httpcore==1.0.9
httptools==0.6.4 httptools==0.6.4
httpx==0.28.1
httpx-oauth==0.16.1
idna==3.10 idna==3.10
kombu==5.5.4
makefun==1.16.0 makefun==1.16.0
Mako==1.3.10 Mako==1.3.10
MarkupSafe==3.0.2 MarkupSafe==3.0.2
multidict==6.6.4 multidict==6.6.4
packaging==25.0
pamqp==3.3.0 pamqp==3.3.0
prompt_toolkit==3.0.52
propcache==0.3.2 propcache==0.3.2
pwdlib==0.2.1 pwdlib==0.2.1
pycparser==2.23 pycparser==2.23
@@ -46,22 +33,17 @@ pydantic==2.11.9
pydantic_core==2.33.2 pydantic_core==2.33.2
PyJWT==2.10.1 PyJWT==2.10.1
PyMySQL==1.1.2 PyMySQL==1.1.2
python-dateutil==2.9.0.post0
python-dotenv==1.1.1 python-dotenv==1.1.1
python-multipart==0.0.20 python-multipart==0.0.20
PyYAML==6.0.2 PyYAML==6.0.2
six==1.17.0
sniffio==1.3.1 sniffio==1.3.1
SQLAlchemy==2.0.43 SQLAlchemy==2.0.43
starlette==0.48.0 starlette==0.48.0
tomli==2.2.1 tomli==2.2.1
typing-inspection==0.4.1 typing-inspection==0.4.1
typing_extensions==4.15.0 typing_extensions==4.15.0
tzdata==2025.2
uvicorn==0.37.0 uvicorn==0.37.0
uvloop==0.21.0 uvloop==0.21.0
vine==5.1.0
watchfiles==1.1.0 watchfiles==1.1.0
wcwidth==0.2.14
websockets==15.0.1 websockets==15.0.1
yarl==1.20.1 yarl==1.20.1

0
7project/backend/app/workers/__init__.py → backend/worker/__init__.py
View File

56
backend/worker/email_worker.py Normal file
View File

@@ -0,0 +1,56 @@
import asyncio
import json
import os
from typing import Any, Dict
RABBITMQ_URL = os.getenv("RABBITMQ_URL") or (
f"amqp://{os.getenv('RABBITMQ_USERNAME', 'user')}:"
f"{os.getenv('RABBITMQ_PASSWORD', 'bitnami123')}@"
f"{os.getenv('RABBITMQ_HOST', 'localhost')}:"
f"{os.getenv('RABBITMQ_PORT', '5672')}"
)
QUEUE_NAME = os.getenv("MAIL_QUEUE", "mail_queue")
async def handle_message(message_body: bytes) -> None:
try:
data: Dict[str, Any] = json.loads(message_body.decode("utf-8"))
except Exception as e:
print(f"[email_worker] Failed to decode message: {e}")
return
if data.get("type") != "email":
print(f"[email_worker] Unknown message type: {data}")
return
to = data.get("to")
subject = data.get("subject")
body = data.get("body")
if not (to and subject and body):
print(f"[email_worker] Incomplete email message: {data}")
return
try:
await send_email(to=to, subject=subject, body=body)
print(f"[email_worker] Sent email to {to}")
except Exception as e:
print(f"[email_worker] Error sending email to {to}: {e}")
async def main() -> None:
import aio_pika
print(f"[email_worker] Connecting to RabbitMQ at {RABBITMQ_URL}")
connection = await aio_pika.connect_robust(RABBITMQ_URL)
channel = await connection.channel()
queue = await channel.declare_queue(QUEUE_NAME, durable=True)
print(f"[email_worker] Waiting for messages in queue '{QUEUE_NAME}' ...")
async with queue.iterator() as queue_iter:
async for message in queue_iter:
async with message.process(requeue=False):
await handle_message(message.body)
if __name__ == "__main__":
asyncio.run(main())

2
7project/compose.yml → compose.yml
View File

@@ -15,7 +15,7 @@ services:
volumes: volumes:
- redis_data:/data - redis_data:/data
rabbitmq: rabbitmq:
image: bitnamilegacy/rabbitmq:3.13.3-debian-12-r0 image: bitnami/rabbitmq:3.13.3-debian-12-r0
network_mode: host network_mode: host
ports: ports:
- "5672:5672" - "5672:5672"

4
7project/create_migration.sh → create_migration.sh
View File

@@ -8,8 +8,4 @@ fi
cd backend || { echo "Directory 'backend' does not exist"; exit 1; } cd backend || { echo "Directory 'backend' does not exist"; exit 1; }
alembic revision --autogenerate -m "$1" alembic revision --autogenerate -m "$1"
git add alembic/versions/* git add alembic/versions/*
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
echo -e "${YELLOW}Don't forget to check imports in the new migration file!${NC}"
cd - || exit cd - || exit

0
7project/deployment/app-demo-database-grant.yaml → deployment/app-demo-database-grant.yaml
View File

0
7project/deployment/app-demo-database-secret.yaml → deployment/app-demo-database-secret.yaml
View File

0
7project/deployment/app-demo-database-user.yaml → deployment/app-demo-database-user.yaml
View File

0
7project/deployment/app-demo-database.yaml → deployment/app-demo-database.yaml
View File

2
7project/deployment/app-demo-deployment.yaml → deployment/app-demo-deployment.yaml
View File

@@ -14,7 +14,7 @@ spec:
app: app-demo app: app-demo
spec: spec:
containers: containers:
- image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05 - image: lukastrkan/cc-app-demo@sha256:84cbe8181c87c32579b00e44d9c15e2db6d4a5c1e73577e517832b76bf337c59
name: app-demo name: app-demo
ports: ports:
- containerPort: 8000 - containerPort: 8000

0
7project/deployment/app-demo-svc.yaml → deployment/app-demo-svc.yaml
View File

19
7project/deployment/app-demo-worker-deployment.yaml → deployment/app-demo-worker-deployment.yaml
View File

@@ -14,28 +14,17 @@ spec:
app: app-demo-worker app: app-demo-worker
spec: spec:
containers: containers:
- image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05 - image: lukastrkan/cc-app-demo@sha256:84cbe8181c87c32579b00e44d9c15e2db6d4a5c1e73577e517832b76bf337c59
name: app-demo-worker name: app-demo-worker
command: command:
- celery - python3
- -A - worker/email_worker.py
- app.celery_app
- worker
- -Q
- $(MAIL_QUEUE)
- --loglevel
- INFO
env: env:
- name: RABBITMQ_USERNAME - name: RABBITMQ_USERNAME
value: demo-app value: demo-app
- name: RABBITMQ_PASSWORD - name: RABBITMQ_PASSWORD
valueFrom: value: StrongPassword123!
secretKeyRef:
name: demo-app-user-credentials
key: password
- name: RABBITMQ_HOST - name: RABBITMQ_HOST
value: rabbitmq.rabbitmq.svc.cluster.local value: rabbitmq.rabbitmq.svc.cluster.local
- name: RABBITMQ_PORT - name: RABBITMQ_PORT
value: '5672' value: '5672'
- name: RABBITMQ_VHOST
value: "/"

0
7project/deployment/tunnel.yaml → deployment/tunnel.yaml
View File

9
6design/design.md → design.md
View File

@@ -45,11 +45,11 @@ flowchart LR
proc_cron[Task planner] --> proc_queue proc_cron[Task planner] --> proc_queue
proc_queue_worker --> ext_bank[(Bank API)] proc_queue_worker --> ext_bank[(Bank API)]
proc_queue_worker --> db proc_queue_worker --> db
client[Client/UI] <--> api[API Gateway / Web Server] client[Client/UI] --> api[API Gateway / Web Server]
api <--> svc[Web API] api --> svc[Web API]
svc --> proc_queue svc --> proc_queue
svc <--> db[(Database)] svc --> db[(Database)]
svc <--> cache[(Cache)] svc --> cache[(Cache)]
``` ```
- Components and responsibilities: What does each box do? - Components and responsibilities: What does each box do?
@@ -169,7 +169,6 @@ flowchart TB
planner --> queue planner --> queue
worker --> db worker --> db
``` ```
- Configuration & secrets: Env vars, secret manager, .env files (never commit secrets). - Configuration & secrets: Env vars, secret manager, .env files (never commit secrets).

0
7project/frontend/.gitignore → frontend/.gitignore vendored
View File

2
7project/frontend/README.md → frontend/README.md
View File

@@ -4,7 +4,7 @@ This template provides a minimal setup to get React working in Vite with HMR and
Currently, two official plugins are available: Currently, two official plugins are available:
- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) (or [oxc](https://oxc.rs) when used in [rolldown-vite](https://vite.dev/guide/rolldown)) for Fast Refresh - [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) for Fast Refresh
- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh - [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
## React Compiler ## React Compiler

0
7project/frontend/eslint.config.js → frontend/eslint.config.js
View File

0
7project/frontend/index.html → frontend/index.html
View File

Some files were not shown because too many files have changed in this diff Show More