feat(backend): fixed a naming conflict in app.py

2026-03-22 15:12:08 +01:00 · 2025-10-13 14:09:39 +02:00
65 changed files with 534 additions and 3471 deletions
--- a/.github/workflows/deploy-pr.yaml
+++ b/.github/workflows/deploy-pr.yaml
@@ -9,11 +9,6 @@ permissions:
  pull-requests: write
 jobs:
  test:
    name: Run Python Tests
    if: github.event.action != 'closed'
    uses: ./.github/workflows/run-tests.yml
  build:
    if: github.event.action != 'closed'
    name: Build and push image (reusable)
@@ -25,26 +20,13 @@ jobs:
      pr_number: ${{ github.event.pull_request.number }}
    secrets: inherit
  get_urls:
    if: github.event.action != 'closed'
    name: Generate Preview URLs
    uses: ./.github/workflows/url_generator.yml
    with:
      runner: vhs
      mode: pr
      pr_number: ${{ github.event.pull_request.number }}
      base_domain: ${{ vars.DEV_BASE_DOMAIN }}
    secrets: inherit
  frontend:
    if: github.event.action != 'closed'
    name: Frontend - Build and Deploy to Cloudflare Pages (PR)
    needs: [get_urls]
    uses: ./.github/workflows/frontend-pages.yml
    with:
      mode: pr
      pr_number: ${{ github.event.pull_request.number }}
      backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }}
    secrets: inherit
  deploy:
@@ -54,7 +36,7 @@ jobs:
    concurrency:
      group: pr-${{ github.event.pull_request.number }}
      cancel-in-progress: false
-    needs: [build, frontend, get_urls]
+    needs: [build, frontend]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -80,42 +62,45 @@ jobs:
          DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
          RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
          DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
          IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
          DIGEST: ${{ needs.build.outputs.digest }}
          DOMAIN: "${{ needs.get_urls.outputs.backend_url }}"
          DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}"
          FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}"
          FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}"
        run: |
          PR=${{ github.event.pull_request.number }}
          if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi
          if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi
          if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi
          if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi
          RELEASE=myapp-pr-$PR
          NAMESPACE=pr-$PR
          DOMAIN=pr-$PR.$DEV_BASE_DOMAIN
          if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
          helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \
            -n "$NAMESPACE" --create-namespace \
            -f 7project/charts/myapp-chart/values-dev.yaml \
            --set prNumber="$PR" \
            --set deployment="pr-$PR" \
            --set domain="$DOMAIN" \
-            --set domain_scheme="$DOMAIN_SCHEME" \
+            --set image.repository="$IMAGE_REPO" \
            --set frontend_domain="$FRONTEND_DOMAIN" \
            --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
            --set image.digest="$DIGEST" \
            --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
-            --set-string database.password="$DB_PASSWORD" \
+            --set-string database.password="$DB_PASSWORD"
            --set-string database.encryptionSecret="$PR"
      - name: Post preview URLs as PR comment
        uses: actions/github-script@v7
        env:
-          BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }}
+          DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
-          FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }}
+          FRONTEND_URL: ${{ needs.frontend.outputs.deployed_url }}
        with:
          script: |
            const pr = context.payload.pull_request;
            if (!pr) { core.setFailed('No pull_request context'); return; }
            const prNumber = pr.number;
-            const backendUrl = process.env.BACKEND_URL || '(not available)';
+            const domainBase = process.env.DEV_BASE_DOMAIN;
            if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; }
            const backendDomain = `pr-${prNumber}.${domainBase}`;
            const backendUrl = `https://${backendDomain}`;
            const frontendUrl = process.env.FRONTEND_URL || '(not available)';
-            const marker = '<!-- preview-comment-marker -->';
+            const marker = '<!-- preview-link -->';
            const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`;
            const { owner, repo } = context.repo;
            const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 });
--- a/.github/workflows/deploy-prod.yaml
+++ b/.github/workflows/deploy-prod.yaml
@@ -21,10 +21,6 @@ concurrency:
  cancel-in-progress: false
 jobs:
  test:
    name: Run Python Tests
    uses: ./.github/workflows/run-tests.yml
  build:
    name: Build and push image (reusable)
    uses: ./.github/workflows/build-image.yaml
@@ -34,28 +30,17 @@ jobs:
      context: 7project/backend
    secrets: inherit
  get_urls:
    name: Generate Production URLs
    uses: ./.github/workflows/url_generator.yml
    with:
      mode: prod
      runner: vhs
      base_domain: ${{ vars.PROD_DOMAIN }}
    secrets: inherit
  frontend:
    name: Frontend - Build and Deploy to Cloudflare Pages (prod)
    needs: [get_urls]
    uses: ./.github/workflows/frontend-pages.yml
    with:
      mode: prod
      backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }}
    secrets: inherit
  deploy:
    name: Helm upgrade/install (prod)
    runs-on: vhs
-    needs: [build, frontend, get_urls]
+    needs: [build, frontend]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -78,37 +63,25 @@ jobs:
      - name: Helm upgrade/install prod
        env:
-          DOMAIN: ${{ needs.get_urls.outputs.backend_url }}
+          DOMAIN: ${{ secrets.PROD_DOMAIN }}
          DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }}
          FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }}
          FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }}
          RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
          DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
          IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
          DIGEST: ${{ needs.build.outputs.digest }}
          BANKID_CLIENT_ID: ${{ secrets.BANKID_CLIENT_ID }}
          BANKID_CLIENT_SECRET: ${{ secrets.BANKID_CLIENT_SECRET }}
          MOJEID_CLIENT_ID: ${{ secrets.MOJEID_CLIENT_ID }}
          MOJEID_CLIENT_SECRET: ${{ secrets.MOJEID_CLIENT_SECRET }}
          CSAS_CLIENT_ID: ${{ secrets.CSAS_CLIENT_ID }}
          CSAS_CLIENT_SECRET: ${{ secrets.CSAS_CLIENT_SECRET }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
        run: |
          if [ -z "$DOMAIN" ]; then
            echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi
          if [ -z "$RABBITMQ_PASSWORD" ]; then
            echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi
          if [ -z "$DB_PASSWORD" ]; then
            echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi
          if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
          helm upgrade --install myapp ./7project/charts/myapp-chart \
            -n prod --create-namespace \
            -f 7project/charts/myapp-chart/values-prod.yaml \
            --set deployment="prod" \
            --set domain="$DOMAIN" \
-            --set domain_scheme="$DOMAIN_SCHEME" \
+            --set image.repository="$IMAGE_REPO" \
            --set frontend_domain="$FRONTEND_DOMAIN" \
            --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
            --set image.digest="$DIGEST" \
            --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
-            --set-string database.password="$DB_PASSWORD" \
+            --set-string database.password="$DB_PASSWORD" 
            --set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \
            --set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \
            --set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \
            --set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET" \
            --set-string oauth.csas.clientId="$CSAS_CLIENT_ID" \
            --set-string oauth.csas.clientSecret="$CSAS_CLIENT_SECRET" \
            --set-string sentry_dsn="$SENTRY_DSN" \
            --set-string database.encryptionSecret="${{ secrets.PROD_DB_ENCRYPTION_KEY }}"
--- a/.github/workflows/frontend-pages.yml
+++ b/.github/workflows/frontend-pages.yml
@@ -15,10 +15,6 @@ on:
        description: 'Cloudflare Pages project name (overrides default)'
        required: false
        type: string
      backend_url_scheme:
        description: 'The full scheme URL for the backend (e.g., https://api.example.com)'
        required: true
        type: string
    secrets:
      CLOUDFLARE_API_TOKEN:
        required: true
@@ -29,6 +25,14 @@ on:
        description: 'URL of deployed frontend'
        value: ${{ jobs.deploy.outputs.deployed_url }}
 # Required repository secrets:
 #   CLOUDFLARE_API_TOKEN     - API token with Pages:Edit (or Account:Workers Scripts:Edit) permissions
 #   CLOUDFLARE_ACCOUNT_ID    - Your Cloudflare account ID
 # Optional repository variables:
 #   CF_PAGES_PROJECT_NAME      - Default Cloudflare Pages project name
 #   PROD_DOMAIN                - App domain for prod releases (e.g., api.example.com or https://api.example.com)
 #   BACKEND_URL_PR_TEMPLATE    - Template for PR backend URL. Use {PR} placeholder for PR number (e.g., https://api-pr-{PR}.example.com)
 jobs:
  build:
    name: Build frontend
@@ -50,9 +54,50 @@ jobs:
      - name: Install dependencies
        run: npm ci
-      - name: Set backend URL from workflow input
+      - name: Compute backend URL for Vite
        id: be
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
          PR_TEMPLATE: ${{ vars.BACKEND_URL_PR_TEMPLATE }}
          DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
          PROD_DOMAIN_VAR: ${{ vars.PROD_DOMAIN }}
          PROD_DOMAIN_SECRET: ${{ secrets.PROD_DOMAIN }}
          BACKEND_URL_OVERRIDE: ${{ vars.BACKEND_URL || secrets.BACKEND_URL }}
          MODE: ${{ inputs.mode }}
        run: |
-          echo "VITE_BACKEND_URL=${{ inputs.backend_url_scheme }}" >> $GITHUB_ENV
+          set -euo pipefail
          URL=""
          # 1) Explicit override wins (from repo var or secret)
          if [ -n "${BACKEND_URL_OVERRIDE:-}" ]; then
            if echo "$BACKEND_URL_OVERRIDE" | grep -Eiq '^https?://'; then
              URL="$BACKEND_URL_OVERRIDE"
            else
              URL="https://${BACKEND_URL_OVERRIDE}"
            fi
          else
            # 2) PR-specific URL when building for PR
            if [ "${MODE:-}" = "pr" ] || [ "${EVENT_NAME}" = "pull_request" ]; then
              if [ -n "${PR_TEMPLATE:-}" ] && [ -n "${PR_NUMBER:-}" ] ; then
                URL="${PR_TEMPLATE//\{PR\}/${PR_NUMBER}}"
              elif [ -n "${DEV_BASE_DOMAIN:-}" ] && [ -n "${PR_NUMBER:-}" ]; then
                URL="https://pr-${PR_NUMBER}.${DEV_BASE_DOMAIN}"
              fi
            fi
            # 3) Fallback to PROD_DOMAIN (prefer repo var, then secret)
            if [ -z "$URL" ]; then
              PROD_DOMAIN="${PROD_DOMAIN_VAR:-${PROD_DOMAIN_SECRET:-}}"
              if [ -n "$PROD_DOMAIN" ]; then
                if echo "$PROD_DOMAIN" | grep -Eiq '^https?://'; then
                  URL="$PROD_DOMAIN"
                else
                  URL="https://${PROD_DOMAIN}"
                fi
              fi
            fi
          fi
          echo "Using backend URL: ${URL:-<empty>}"
          echo "VITE_BACKEND_URL=${URL}" >> $GITHUB_ENV
      - name: Build
        run: npm run build
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -1,61 +0,0 @@
 name: Run Python Tests
 permissions:
  contents: read
 on:
  workflow_call:
 jobs:
  build-and-test:
    runs-on: ubuntu-latest
    services:
      mariadb:
        image: mariadb:11.4
        env:
          MARIADB_ROOT_PASSWORD: rootpw
          MARIADB_DATABASE: group_project
          MARIADB_USER: appuser
          MARIADB_PASSWORD: apppass
        ports:
          - 3306:3306
        options: >-
          --health-cmd="mariadb-admin ping -h 127.0.0.1 -u root -prootpw --silent"
          --health-interval=5s
          --health-timeout=2s
          --health-retries=20
    env:
      MARIADB_HOST: 127.0.0.1
      MARIADB_PORT: "3306"
      MARIADB_DB: group_project
      MARIADB_USER: appuser
      MARIADB_PASSWORD: apppass
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Add test dependencies to requirements
        run: |
          echo "pytest==8.4.2" >> ./7project/backend/requirements.txt
          echo "pytest-asyncio==1.2.0" >> ./7project/backend/requirements.txt
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r ./7project/backend/requirements.txt
      - name: Run Alembic migrations
        run: |
          alembic upgrade head
        working-directory: ./7project/backend
      - name: Run tests with pytest
        run: pytest
        working-directory: ./7project/backend
--- a/.github/workflows/url_generator.yml
+++ b/.github/workflows/url_generator.yml
@@ -1,74 +0,0 @@
 name: Generate Preview or Production URLs
 on:
  workflow_call:
    inputs:
      mode:
        description: "Build mode: 'prod' or 'pr'"
        required: true
        type: string
      pr_number:
        description: 'PR number (required when mode=pr)'
        required: false
        type: string
      runner:
        description: 'The runner to use for this job'
        required: false
        type: string
        default: 'ubuntu-latest'
      base_domain:
        description: 'The base domain for production URLs (e.g., example.com)'
        required: true
        type: string
    outputs:
      backend_url:
        description: "The backend URL without scheme (e.g., api.example.com)"
        value: ${{ jobs.generate-urls.outputs.backend_url }}
      frontend_url:
        description: "The frontend URL without scheme (e.g., app.example.com)"
        value: ${{ jobs.generate-urls.outputs.frontend_url }}
      backend_url_scheme:
        description: "The backend URL with scheme (e.g., https://api.example.com)"
        value: ${{ jobs.generate-urls.outputs.backend_url_scheme }}
      frontend_url_scheme:
        description: "The frontend URL with scheme (e.g., https://app.example.com)"
        value: ${{ jobs.generate-urls.outputs.frontend_url_scheme }}
 jobs:
  generate-urls:
    permissions:
      contents: none
    runs-on: ${{ inputs.runner }}
    outputs:
      backend_url: ${{ steps.set_urls.outputs.backend_url }}
      frontend_url: ${{ steps.set_urls.outputs.frontend_url }}
      backend_url_scheme: ${{ steps.set_urls.outputs.backend_url_scheme }}
      frontend_url_scheme: ${{ steps.set_urls.outputs.frontend_url_scheme }}
    steps:
      - name: Generate URLs
        id: set_urls
        env:
          BASE_DOMAIN: ${{ inputs.base_domain }}
        run: |
          set -euo pipefail
          if [ "${{ inputs.mode }}" = "prod" ]; then
            BACKEND_URL="api.${BASE_DOMAIN}"
            FRONTEND_URL="finance.${BASE_DOMAIN}"
          else
            # This is your current logic
            FRONTEND_URL="pr-${{ inputs.pr_number }}.group-8-frontend.pages.dev"
            BACKEND_URL="api-pr-${{ inputs.pr_number }}.${BASE_DOMAIN}"
          fi
          FRONTEND_URL_SCHEME="https://$FRONTEND_URL"
          BACKEND_URL_SCHEME="https://$BACKEND_URL"
          # This part correctly writes to GITHUB_OUTPUT for the step
          echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT
          echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT
          echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT
          echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT
--- a/7project/backend/alembic/env.py
+++ b/7project/backend/alembic/env.py
@@ -25,8 +25,7 @@ if not DATABASE_URL:
 SYNC_DATABASE_URL = DATABASE_URL.replace("+asyncmy", "+pymysql")
-host_env = os.getenv("MARIADB_HOST", "localhost")
+ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost"
 ssl_enabled = host_env not in {"localhost", "127.0.0.1"}
 connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}
 def run_migrations_offline() -> None:
--- a/7project/backend/alembic/versions/2025_10_21_1856-eabec90a94fe_add_config_to_user.py
+++ b/7project/backend/alembic/versions/2025_10_21_1856-eabec90a94fe_add_config_to_user.py
@@ -1,32 +0,0 @@
 """add config to user
 Revision ID: eabec90a94fe
 Revises: 5ab2e654c96e
 Create Date: 2025-10-21 18:56:42.085973
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision: str = 'eabec90a94fe'
 down_revision: Union[str, Sequence[str], None] = '5ab2e654c96e'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    """Upgrade schema."""
    # ### commands auto generated by Alembic - please adjust! ###
    op.add_column('user', sa.Column('config', sa.JSON(), nullable=True))
    # ### end Alembic commands ###
 def downgrade() -> None:
    """Downgrade schema."""
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_column('user', 'config')
    # ### end Alembic commands ###
--- a/7project/backend/alembic/versions/2025_10_22_1618-1f2a3c4d5e6f_add_date_to_transaction.py
+++ b/7project/backend/alembic/versions/2025_10_22_1618-1f2a3c4d5e6f_add_date_to_transaction.py
@@ -1,32 +0,0 @@
 """add date to transaction
 Revision ID: 1f2a3c4d5e6f
 Revises: eabec90a94fe
 Create Date: 2025-10-22 16:18:00
 """
 from typing import Sequence, Union
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.sql import func
 # revision identifiers, used by Alembic.
 revision: str = '1f2a3c4d5e6f'
 down_revision: Union[str, Sequence[str], None] = 'eabec90a94fe'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    """Upgrade schema by adding date column with server default current_date."""
    op.add_column(
        'transaction',
        sa.Column('date', sa.Date(), nullable=False, server_default=sa.text('CURRENT_DATE'))
    )
 def downgrade() -> None:
    """Downgrade schema by removing date column."""
    op.drop_column('transaction', 'date')
--- a/7project/backend/alembic/versions/2025_10_29_1326-46b9e702e83f_add_encrypted_type.py
+++ b/7project/backend/alembic/versions/2025_10_29_1326-46b9e702e83f_add_encrypted_type.py
@@ -1,47 +0,0 @@
 """Add encrypted type
 Revision ID: 46b9e702e83f
 Revises: 1f2a3c4d5e6f
 Create Date: 2025-10-29 13:26:24.568523
 """
 from typing import Sequence, Union
 import sqlalchemy_utils
 from alembic import op
 import sqlalchemy as sa
 from sqlalchemy.dialects import mysql
 # revision identifiers, used by Alembic.
 revision: str = '46b9e702e83f'
 down_revision: Union[str, Sequence[str], None] = '1f2a3c4d5e6f'
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
    """Upgrade schema."""
    # ### commands auto generated by Alembic - please adjust! ###
    op.alter_column('transaction', 'amount',
               existing_type=mysql.FLOAT(),
               type_=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
               existing_nullable=False)
    op.alter_column('transaction', 'description',
               existing_type=mysql.VARCHAR(length=255),
               type_=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
               existing_nullable=True)
    # ### end Alembic commands ###
 def downgrade() -> None:
    """Downgrade schema."""
    # ### commands auto generated by Alembic - please adjust! ###
    op.alter_column('transaction', 'description',
               existing_type=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
               type_=mysql.VARCHAR(length=255),
               existing_nullable=True)
    op.alter_column('transaction', 'amount',
               existing_type=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
               type_=mysql.FLOAT(),
               existing_nullable=False)
    # ### end Alembic commands ###
--- a/7project/backend/app/api/auth.py
+++ b/7project/backend/app/api/auth.py
@@ -1,46 +1,11 @@
-from fastapi import APIRouter, Depends, status
+from fastapi import APIRouter
 from fastapi_users import models
 from fastapi_users.manager import BaseUserManager
 from app.schemas.user import UserCreate, UserRead, UserUpdate
 from app.services.user_service import auth_backend, fastapi_users
 router = APIRouter()
@router.delete(
    "/users/me",
    status_code=status.HTTP_204_NO_CONTENT,
    tags=["users"],
    summary="Delete current user",
    response_description="The user has been successfully deleted.",
 )
 async def delete_me(
    user: models.UserProtocol = Depends(fastapi_users.current_user(active=True)),
    user_manager: BaseUserManager = Depends(fastapi_users.get_user_manager),
 ):
    """
    Delete the currently authenticated user.
    """
    await user_manager.delete(user)
 # Keep existing paths as-is under /auth/* and /users/*
 from fastapi import Request, Response
 from app.core.security import revoke_token, extract_bearer_token
@router.post(
    "/auth/jwt/logout",
    status_code=status.HTTP_204_NO_CONTENT,
    tags=["auth"],
    summary="Log out and revoke current token",
 )
 async def custom_logout(request: Request) -> Response:
    """Revoke the current bearer token so it cannot be used anymore."""
    token = extract_bearer_token(request)
    if token:
        revoke_token(token)
    return Response(status_code=status.HTTP_204_NO_CONTENT)
 router.include_router(
    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
 )
--- a/7project/backend/app/api/categories.py
+++ b/7project/backend/app/api/categories.py
@@ -5,7 +5,7 @@ from sqlalchemy import select, delete
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.models.categories import Category
-from app.schemas.category import CategoryCreate, CategoryRead, CategoryUpdate
+from app.schemas.category import CategoryCreate, CategoryRead
 from app.services.db import get_async_session
 from app.services.user_service import current_active_user
 from app.models.user import User
@@ -43,37 +43,6 @@ async def list_categories(
    return list(res.scalars())
@router.patch("/{category_id}", response_model=CategoryRead)
 async def update_category(
    category_id: int,
    payload: CategoryUpdate,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(
        select(Category).where(Category.id == category_id, Category.user_id == user.id)
    )
    category = res.scalar_one_or_none()
    if not category:
        raise HTTPException(status_code=404, detail="Category not found")
    # If name changed, check uniqueness per user
    if payload.name is not None and payload.name != category.name:
        dup = await session.execute(
            select(Category.id).where(Category.user_id == user.id, Category.name == payload.name)
        )
        if dup.scalar_one_or_none() is not None:
            raise HTTPException(status_code=409, detail="Category with this name already exists")
        category.name = payload.name
    if payload.description is not None:
        category.description = payload.description
    await session.commit()
    await session.refresh(category)
    return category
@router.get("/{category_id}", response_model=CategoryRead)
 async def get_category(
    category_id: int,
--- a/7project/backend/app/api/csas.py
+++ b/7project/backend/app/api/csas.py
@@ -1,40 +0,0 @@
 import json
 import os
 from fastapi import APIRouter
 from fastapi.params import Depends
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.models.user import User
 from app.oauth.csas import CSASOAuth
 from app.services.db import get_async_session
 from app.services.user_service import current_active_user
 router = APIRouter(prefix="/auth/csas", tags=["csas"])
 CLIENT_ID = os.getenv("CSAS_CLIENT_ID")
 CLIENT_SECRET = os.getenv("CSAS_CLIENT_SECRET")
 CSAS_OAUTH = CSASOAuth(CLIENT_ID, CLIENT_SECRET)
@router.get("/authorize")
 async def csas_authorize():
    return {"authorization_url":
                await CSAS_OAUTH.get_authorization_url(os.getenv("FRONTEND_DOMAIN_SCHEME") + "/auth/csas/callback")}
@router.get("/callback")
 async def csas_callback(code: str, session: AsyncSession = Depends(get_async_session),
                        user: User = Depends(current_active_user)):
    response = await CSAS_OAUTH.get_access_token(code, os.getenv("FRONTEND_DOMAIN_SCHEME") + "/auth/csas/callback")
    if not user.config:
        user.config = {}
    new_dict = user.config.copy()
    new_dict["csas"] = json.dumps(response)
    user.config = new_dict
    await session.commit()
    return "OK"
--- a/7project/backend/app/api/transactions.py
+++ b/7project/backend/app/api/transactions.py
@@ -1,8 +1,7 @@
 from typing import List, Optional
 from datetime import date
 from fastapi import APIRouter, Depends, HTTPException, status
-from sqlalchemy import select, and_, func
+from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.models.transaction import Transaction
@@ -24,7 +23,6 @@ def _to_read_model(tx: Transaction) -> TransactionRead:
        id=tx.id,
        amount=tx.amount,
        description=tx.description,
        date=tx.date,
        category_ids=[c.id for c in (tx.categories or [])],
    )
@@ -35,21 +33,7 @@ async def create_transaction(
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
-    # Build transaction; set `date` only if provided to let DB default apply otherwise
+    tx = Transaction(amount=payload.amount, description=payload.description, user_id=user.id)
    tx_kwargs = dict(
        amount=payload.amount,
        description=payload.description,
        user_id=user.id,
    )
    if payload.date is not None:
        parsed_date = payload.date
        if isinstance(parsed_date, str):
            try:
                parsed_date = date.fromisoformat(parsed_date)
            except ValueError:
                raise HTTPException(status_code=400, detail="Invalid date format, expected YYYY-MM-DD")
        tx_kwargs["date"] = parsed_date
    tx = Transaction(**tx_kwargs)
    # Attach categories if provided (and owned by user)
    if payload.category_ids:
@@ -76,18 +60,11 @@ async def create_transaction(
@router.get("/", response_model=List[TransactionRead])
 async def list_transactions(
    start_date: Optional[date] = None,
    end_date: Optional[date] = None,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    cond = [Transaction.user_id == user.id]
    if start_date is not None:
        cond.append(Transaction.date >= start_date)
    if end_date is not None:
        cond.append(Transaction.date <= end_date)
    res = await session.execute(
-        select(Transaction).where(and_(*cond)).order_by(Transaction.date, Transaction.id)
+        select(Transaction).where(Transaction.user_id == user.id).order_by(Transaction.id)
    )
    txs = list(res.scalars())
    # Eagerly load categories for each transaction
@@ -96,36 +73,6 @@ async def list_transactions(
    return [_to_read_model(tx) for tx in txs]
@router.get("/balance_series")
 async def get_balance_series(
    start_date: Optional[date] = None,
    end_date: Optional[date] = None,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    cond = [Transaction.user_id == user.id]
    if start_date is not None:
        cond.append(Transaction.date >= start_date)
    if end_date is not None:
        cond.append(Transaction.date <= end_date)
    res = await session.execute(
        select(Transaction).where(and_(*cond)).order_by(Transaction.date, Transaction.id)
    )
    txs = list(res.scalars())
    # Group by date and accumulate
    daily = {}
    for tx in txs:
        key = tx.date.isoformat() if hasattr(tx.date, 'isoformat') else str(tx.date)
        daily[key] = daily.get(key, 0.0) + float(tx.amount)
    # Build cumulative series sorted by date
    series = []
    running = 0.0
    for d in sorted(daily.keys()):
        running += daily[d]
        series.append({"date": d, "balance": running})
    return series
@router.get("/{transaction_id}", response_model=TransactionRead)
 async def get_transaction(
    transaction_id: int,
@@ -164,14 +111,6 @@ async def update_transaction(
        tx.amount = payload.amount
    if payload.description is not None:
        tx.description = payload.description
    if payload.date is not None:
        new_date = payload.date
        if isinstance(new_date, str):
            try:
                new_date = date.fromisoformat(new_date)
            except ValueError:
                raise HTTPException(status_code=400, detail="Invalid date format, expected YYYY-MM-DD")
        tx.date = new_date
    if payload.category_ids is not None:
        # Preload categories to avoid async lazy-load during assignment
--- a/7project/backend/app/app.py
+++ b/7project/backend/app/app.py
@@ -1,37 +1,15 @@
 import logging
 import os
 from datetime import datetime
 from fastapi import Depends, FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 from starlette.requests import Request
-from app.services import bank_scraper
+from app.models.user import User
 from app.workers.celery_tasks import load_transactions, load_all_transactions
 from app.models.user import User, OAuthAccount
 from app.services.user_service import current_active_verified_user
 from app.api.auth import router as auth_router
 from app.api.csas import router as csas_router
 from app.api.categories import router as categories_router
 from app.api.transactions import router as transactions_router
-from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider, UserManager, get_jwt_strategy
+from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider
 from app.core.security import extract_bearer_token, is_token_revoked, decode_and_verify_jwt
 from app.services.user_service import SECRET
 from fastapi import FastAPI
 import sentry_sdk
 from fastapi_users.db import SQLAlchemyUserDatabase
 from app.core.db import async_session_maker
 sentry_sdk.init(
    dsn=os.getenv("SENTRY_DSN"),
    send_default_pii=True,
 )
 fastApi = FastAPI()
 app = fastApi
 # CORS for frontend dev server
 fastApi.add_middleware(
@@ -39,7 +17,6 @@ fastApi.add_middleware(
    allow_origins=[
        "http://localhost:5173",
        "http://127.0.0.1:5173",
        os.getenv("FRONTEND_DOMAIN_SCHEME", "")
    ],
    allow_credentials=True,
    allow_methods=["*"],
@@ -50,51 +27,12 @@ fastApi.include_router(auth_router)
 fastApi.include_router(categories_router)
 fastApi.include_router(transactions_router)
 logging.basicConfig(filename='app.log', level=logging.INFO, format='%(asctime)s %(message)s')
@fastApi.middleware("http")
 async def auth_guard(request: Request, call_next):
    # Enforce revoked/expired JWTs are rejected globally
    token = extract_bearer_token(request)
    if token:
        from fastapi import Response, status as _status
        # Deny if token is revoked
        if is_token_revoked(token):
            return Response(status_code=_status.HTTP_401_UNAUTHORIZED)
        # Deny if token is expired or invalid
        try:
            decode_and_verify_jwt(token, SECRET)
        except Exception:
            return Response(status_code=_status.HTTP_401_UNAUTHORIZED)
    return await call_next(request)
@fastApi.middleware("http")
 async def log_traffic(request: Request, call_next):
    start_time = datetime.now()
    response = await call_next(request)
    process_time = (datetime.now() - start_time).total_seconds()
    client_host = request.client.host
    log_params = {
        "request_method": request.method,
        "request_url": str(request.url),
        "request_size": request.headers.get("content-length"),
        "request_headers": dict(request.headers),
        "response_status": response.status_code,
        "response_size": response.headers.get("content-length"),
        "response_headers": dict(response.headers),
        "process_time": process_time,
        "client_host": client_host
    }
    logging.info(str(log_params))
    return response
 fastApi.include_router(
    fastapi_users.get_oauth_router(
        get_oauth_provider("MojeID"),
        auth_backend,
        "SECRET",
        associate_by_email=True,
        redirect_url=os.getenv("FRONTEND_DOMAIN_SCHEME", "http://localhost:3000") + "/auth/mojeid/callback",
    ),
    prefix="/auth/mojeid",
    tags=["auth"],
@@ -106,13 +44,11 @@ fastApi.include_router(
        auth_backend,
        "SECRET",
        associate_by_email=True,
        redirect_url=os.getenv("FRONTEND_DOMAIN_SCHEME", "http://localhost:3000") + "/auth/bankid/callback",
    ),
    prefix="/auth/bankid",
    tags=["auth"],
 )
 fastApi.include_router(csas_router)
 # Liveness/root endpoint
@fastApi.get("/", include_in_schema=False)
@@ -123,17 +59,3 @@ async def root():
@fastApi.get("/authenticated-route")
 async def authenticated_route(user: User = Depends(current_active_verified_user)):
    return {"message": f"Hello {user.email}!"}
@fastApi.get("/debug/scrape/csas/all", tags=["debug"])
 async def debug_scrape_csas_all():
    logging.info("[Debug] Queueing CSAS scrape for all users via HTTP endpoint (Celery)")
    task = load_all_transactions.delay()
    return {"status": "queued", "action": "csas_scrape_all", "task_id": getattr(task, 'id', None)}
@fastApi.post("/debug/scrape/csas/{user_id}", tags=["debug"]) 
 async def debug_scrape_csas_user(user_id: str, user: User = Depends(current_active_verified_user)):
    logging.info("[Debug] Queueing CSAS scrape for single user via HTTP endpoint (Celery) | user_id=%s", user_id)
    task = load_transactions.delay(user_id)
    return {"status": "queued", "action": "csas_scrape_single", "user_id": user_id, "task_id": getattr(task, 'id', None)}
--- a/7project/backend/app/core/db.py
+++ b/7project/backend/app/core/db.py
@@ -19,8 +19,7 @@ from app.models.user import User
 from app.models.transaction import Transaction
 from app.models.categories import Category
-host_env = os.getenv("MARIADB_HOST", "localhost")
+ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost"
 ssl_enabled = host_env not in {"localhost", "127.0.0.1"}
 connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}
 engine = create_async_engine(
--- a/7project/backend/app/core/security.py
+++ b/7project/backend/app/core/security.py
@@ -1,52 +0,0 @@
 from typing import Optional
 import re
 import jwt
 from fastapi import Request
 # Simple in-memory revocation store for revoked JWT tokens.
 # 
 # Limitations:
 # - All revoked tokens will be lost if the process restarts (data loss on restart).
 # - Not suitable for multi-instance deployments: the revocation list is not shared between instances.
 #   A token revoked in one instance will not be recognized as revoked in others.
 # 
 # For production, use a persistent and shared store (e.g., Redis or a database).
 _REVOKED_TOKENS: set[str] = set()
 # Bearer token regex
 _BEARER_RE = re.compile(r"^[Bb]earer\s+(.+)$")
 def extract_bearer_token(request: Request) -> Optional[str]:
    auth = request.headers.get("authorization")
    if not auth:
        return None
    m = _BEARER_RE.match(auth)
    if not m:
        return None
    return m.group(1).strip()
 def revoke_token(token: str) -> None:
    if token:
        _REVOKED_TOKENS.add(token)
 def is_token_revoked(token: str) -> bool:
    return token in _REVOKED_TOKENS
 def decode_and_verify_jwt(token: str, secret: str) -> dict:
    """
    Decode the JWT using the shared secret, verifying expiration and signature.
    Audience is not verified here to be compatible with fastapi-users default tokens.
    Raises jwt.ExpiredSignatureError if expired.
    Raises jwt.InvalidTokenError for other issues.
    Returns the decoded payload dict on success.
    """
    return jwt.decode(
        token,
        secret,
        algorithms=["HS256"],
        options={"verify_aud": False},
    )  # verify_exp is True by default
--- a/7project/backend/app/models/transaction.py
+++ b/7project/backend/app/models/transaction.py
@@ -1,22 +1,15 @@
 import os
 from fastapi_users_db_sqlalchemy import GUID
-from sqlalchemy import Column, Integer, String, Float, ForeignKey, Date, func
+from sqlalchemy import Column, Integer, String, Float, ForeignKey
 from sqlalchemy.orm import relationship
 from sqlalchemy_utils import EncryptedType
 from sqlalchemy_utils.types.encrypted.encrypted_type import FernetEngine
 from app.core.base import Base
 from app.models.categories import association_table
 SECRET_KEY = os.environ.get("DB_ENCRYPTION_KEY", "localdev")
 class Transaction(Base):
    __tablename__ = "transaction"
    id = Column(Integer, primary_key=True, autoincrement=True)
-    amount = Column(EncryptedType(Float, SECRET_KEY, engine=FernetEngine), nullable=False)
+    amount = Column(Float, nullable=False)
-    description = Column(EncryptedType(String(length=255), SECRET_KEY, engine=FernetEngine), nullable=True)
+    description = Column(String(length=255), nullable=True)
    date = Column(Date, nullable=False, server_default=func.current_date())
    user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
    # Relationship
--- a/7project/backend/app/models/user.py
+++ b/7project/backend/app/models/user.py
@@ -1,8 +1,6 @@
 from sqlalchemy import Column, String
 from sqlalchemy.orm import relationship, mapped_column, Mapped
 from fastapi_users.db import SQLAlchemyBaseUserTableUUID, SQLAlchemyBaseOAuthAccountTableUUID
 from sqlalchemy.sql.sqltypes import JSON
 from app.core.base import Base
@@ -15,7 +13,6 @@ class User(SQLAlchemyBaseUserTableUUID, Base):
    first_name = Column(String(length=100), nullable=True)
    last_name = Column(String(length=100), nullable=True)
    oauth_accounts = relationship("OAuthAccount", lazy="joined")
    config = Column(JSON, default={})
    # Relationship
    transactions = relationship("Transaction", back_populates="user")
--- a/7project/backend/app/oauth/csas.py
+++ b/7project/backend/app/oauth/csas.py
@@ -1,33 +0,0 @@
 import os
 from os.path import dirname, join
 from typing import Optional, Any
 import httpx
 from httpx_oauth.exceptions import GetProfileError
 from httpx_oauth.oauth2 import BaseOAuth2
 import app.services.db
 BASE_DIR = dirname(__file__)
 certs = (
    join(BASE_DIR, "public_key.pem"),
    join(BASE_DIR, "private_key.key")
 )
 class CSASOAuth(BaseOAuth2):
    def __init__(self, client_id: str, client_secret: str):
        super().__init__(
            client_id,
            client_secret,
            base_scopes=["aisp"],
            authorize_endpoint="https://webapi.developers.erstegroup.com/api/csas/sandbox/v1/sandbox-idp/auth",
            access_token_endpoint="https://webapi.developers.erstegroup.com/api/csas/sandbox/v1/sandbox-idp/token",
            refresh_token_endpoint="https://webapi.developers.erstegroup.com/api/csas/sandbox/v1/sandbox-idp/token"
        )
--- a/7project/backend/app/oauth/moje_id.py
+++ b/7project/backend/app/oauth/moje_id.py
@@ -11,7 +11,7 @@ class MojeIDOAuth(CustomOpenID):
        super().__init__(
            client_id,
            client_secret,
-            "https://mojeid.cz/.well-known/openid-configuration/",
+            "https://mojeid.regtest.nic.cz/.well-known/openid-configuration/",
            "MojeID",
            base_scopes=["openid", "email", "profile"],
        )
--- a/7project/backend/app/oauth/private_key.key
+++ b/7project/backend/app/oauth/private_key.key
@@ -1,28 +0,0 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDcr/oxgV074ETd
 DkP/0l8LFnRofru+m2wNNG/ttVCioTqwnvR4oYxwq3U9qIBsT0D+Rx/Ef7qcpzqf
 /w9xt6Hosdv6I5jMHGaVQqLiPuV26/a7WvcmU+PpYuEBmbBHjGVJRBwgPtlUW1VL
 M8Pht9YiaagEKvFa6SUidZLfPv+ECohqgH4mgMrEcG/BTnry0/5xQdadRC9o25cl
 NtZIesS5GPeelhggFTkbh/FaxvMXhIAaRXT61cnxgxtfM71h5ObX5Lwle9z5a+Tw
 xgQhSQq1jbHALYvTwsc4Q/NQGXpGNWy599sb7dg5AkPFSSF4ceXBo/2jOaZCqWrt
 FVONZ+blAgMBAAECggEBAJwQbrRXsaFIRiq1jez5znC+3m+PQCHZM55a+NR3pqB7
 uE9y+ZvdUr3S4sRJxxfRLDsl/Rcu5L8nm9PNwhQ/MmamcNQCHGoro3fmed3ZcNia
 og94ktMt/DztygUhtIHEjVQ0sFc1WufG9xiJcPrM0MfhRAo+fBQ4UCSAVO8/U98B
 a4yukrPNeEA03hyjLB9W41pNQfyOtAHqzwDg9Q5XVaGMCLZT1bjCIquUcht5iMva
 tiw3cwdiYIklLTzTCsPPK9A/AlWZyUXL8KxtN0mU0kkwlXqASoXZ2nqdkhjRye/V
 3JXOmlDtDaJCqWDpH2gHLxMCl7OjfPvuD66bAT3H63kCgYEA5zxW/l6oI3gwYW7+
 j6rEjA2n8LikVnyW2e/PZ7pxBH3iBFe2DHx/imeqd/0IzixcM1zZT/V+PTFPQizG
 lOU7stN6Zg/LuRdxneHPyLWCimJP7BBJCWyJkuxKy9psokyBhGSLR/phL3fP7UkB
 o2I3vGmTFu5A0FzXcNH/cXPMdy8CgYEA9FJw3kyzXlInhJ6Cd63mckLPLYDArUsm
 THBoeH2CVTBS5g0bCbl7N1ZxUoYwZPD4lg5V0nWhZALGf+85ULSjX03PMf1cc6WW
 EIbZIo9hX+mGRa/FudDd+TlbtBnn0jucwABuLQi9mIepE55Hu9tw5/FT3cHeZVQc
 cC0T6ulVvisCgYBCzFeFG+sOdAXl356B+h7VJozBKVWv9kXNp00O9fj4BzVnc78P
 VFezr8a66snEZWQtIkFUq+JP4xK2VyD2mlHoktbk7OM5EOCtbzILFQQk3cmgtAOl
 SUlkvAXPZcXEDL3NdQ4XOOkiQUY7kb97Z0AamZT4JtNqXaeO29si9wS12QKBgHYg
 Hd3864Qg6GZgVOgUNiTsVErFw2KFwQCYIIqQ9CDH+myrzXTILuC0dJnXszI6p5W1
 XJ0irmMyTFKykN2KWKrNbe3Xd4mad5GKARWKiSPcPkUXFNwgNhI3PzU2iTTGCaVz
 D9HKNhC3FnIbxsb29AHQViITh7kqD43U3ZpoMkJ9AoGAZ+sg+CPfuo3ZMpbcdb3B
 ZX2UhAvNKxgHvNnHOjO+pvaM7HiH+BT0650brfBWQ0nTG1dt18mCevVk1UM/5hO9
 AtZw06vCLOJ3p3qpgkSlRZ1H7VokG9M8Od0zXqtJrmeLeBq7dfuDisYOuA+NUEbJ
 UM/UHByieS6ywetruz0LpM0=
 -----END RSA PRIVATE KEY-----
--- a/7project/backend/app/oauth/public_key.pem
+++ b/7project/backend/app/oauth/public_key.pem
@@ -1,31 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIFSTCCAzGgAwIBAgIEAQIDBDANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMC
 Q1oxDjAMBgNVBAcTBUN6ZWNoMRMwEQYDVQQKEwpFcnN0ZUdyb3VwMRUwEwYDVQQL
 EwxFcnN0ZUh1YlRlYW0xETAPBgNVBAMTCEVyc3RlSHViMSIwIAYJKoZIhvcNAQkB
 FhNpbmZvQGVyc3RlZ3JvdXAuY29tMB4XDTIyMTIxNDA4MDc1N1oXDTI2MDMxNDA4
 MDc1N1owUjEaMBgGA1UEYRMRUFNEQ1otQ05CLTEyMzQ1NjcxCzAJBgNVBAYTAkNa
 MRYwFAYDVQQDEw1UUFAgVGVzdCBRV0FDMQ8wDQYDVQQKEwZNeSBUUFAwggEiMA0G
 CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcr/oxgV074ETdDkP/0l8LFnRofru+
 m2wNNG/ttVCioTqwnvR4oYxwq3U9qIBsT0D+Rx/Ef7qcpzqf/w9xt6Hosdv6I5jM
 HGaVQqLiPuV26/a7WvcmU+PpYuEBmbBHjGVJRBwgPtlUW1VLM8Pht9YiaagEKvFa
 6SUidZLfPv+ECohqgH4mgMrEcG/BTnry0/5xQdadRC9o25clNtZIesS5GPeelhgg
 FTkbh/FaxvMXhIAaRXT61cnxgxtfM71h5ObX5Lwle9z5a+TwxgQhSQq1jbHALYvT
 wsc4Q/NQGXpGNWy599sb7dg5AkPFSSF4ceXBo/2jOaZCqWrtFVONZ+blAgMBAAGj
 gfcwgfQwCwYDVR0PBAQDAgHGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
 AjCBrwYIKwYBBQUHAQMEgaIwgZ8wCAYGBACORgEBMAsGBgQAjkYBAwIBFDAIBgYE
 AI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgMwZwYGBACBmCcCMF0wTDARBgcEAIGY
 JwEBDAZQU1BfQVMwEQYHBACBmCcBAgwGUFNQX1BJMBEGBwQAgZgnAQMMBlBTUF9B
 STARBgcEAIGYJwEEDAZQU1BfSUMMBUVyc3RlDAZBVC1FUlMwFAYDVR0RBA0wC4IJ
 bXl0cHAuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBlTMPSwz46GMRBEPcy+25gV7xE
 5aFS5N6sf3YQyFelRJgPxxPxTHo55WelcK4XmXRQKeQ4VoKf4FgP0Cj74+p0N0gw
 wFJDWPGXH3SdjAXPRtG+FOiHwUSoyrmvbL4kk6Vbrd4cF+qe0BlzHzJ2Q6vFLwsk
 NYvWzkY9YjoItB38nAnQhyYgl1yHUK/uDWyrwHVfZn1AeTws/hr/KufORuiQfaTU
 kvAH1nzi7WSJ6AIQCd2exUEPx/O14Y+oCoJhTVd+RpA/9lkcqebceBijj47b2bvv
 QbjymvyTXqHd3L224Y7zVmh95g+CaJ8PRpApdrImfjfDDRy8PaFWx2pd/v0UQgrQ
 lgbO6jE7ah/tS0T5q5JtwnLAiOOqHPaKRvo5WB65jcZ2fvOH/0/oZ89noxp1Ihus
 vvsjqc9k2h9Rvt2pEjVU40HtQZ6XCmWqgFwK3n9CHrKNV/GqgANIZRNcvXKMCUoB
 VoJORVwi2DF4caKSFmyEWuK+5FyCEILtQ60SY/NHVGsUeOuN7OTjZjECARO6p4hz
 Uw+GCIXrzmIjS6ydh/LRef+NK28+xTbjmLHu/wnHg9rrHEnTPd39is+byfS7eeLV
 Dld/0Xrv88C0wxz63dcwAceiahjyz2mbQm765tOf9rK7EqsvT5M8EXFJ3dP4zwqS
 6mNFoIa0XGbAUT3E1w==
 -----END CERTIFICATE-----
--- a/7project/backend/app/schemas/category.py
+++ b/7project/backend/app/schemas/category.py
@@ -11,11 +11,6 @@ class CategoryCreate(CategoryBase):
    pass
 class CategoryUpdate(BaseModel):
    name: Optional[str] = None
    description: Optional[str] = None
 class CategoryRead(CategoryBase):
    id: int
    model_config = ConfigDict(from_attributes=True)
--- a/7project/backend/app/schemas/transaction.py
+++ b/7project/backend/app/schemas/transaction.py
@@ -1,13 +1,10 @@
-from typing import List, Optional, Union
+from typing import List, Optional
 from datetime import date
 from pydantic import BaseModel, Field, ConfigDict
 class TransactionBase(BaseModel):
    amount: float = Field(..., gt=-1e18, lt=1e18)
    description: Optional[str] = None
    # accept either ISO date string or date object
    date: Optional[Union[date, str]] = None
 class TransactionCreate(TransactionBase):
    category_ids: Optional[List[int]] = None
@@ -15,12 +12,10 @@ class TransactionCreate(TransactionBase):
 class TransactionUpdate(BaseModel):
    amount: Optional[float] = Field(None, gt=-1e18, lt=1e18)
    description: Optional[str] = None
    # accept either ISO date string or date object
    date: Optional[Union[date, str]] = None
    category_ids: Optional[List[int]] = None
 class TransactionRead(TransactionBase):
    id: int
    category_ids: List[int] = []
-    date: Optional[Union[date, str]]
+
    model_config = ConfigDict(from_attributes=True)
--- a/7project/backend/app/services/bank_scraper.py
+++ b/7project/backend/app/services/bank_scraper.py
@@ -1,121 +0,0 @@
 import json
 import logging
 from os.path import dirname, join
 from uuid import UUID
 import httpx
 from sqlalchemy import select
 from app.core.db import async_session_maker
 from app.models.user import User
 logger = logging.getLogger(__name__)
 # Reuse CSAS mTLS certs used by OAuth profile calls
 OAUTH_DIR = join(dirname(__file__), "..", "oauth")
 CERTS = (
    join(OAUTH_DIR, "public_key.pem"),
    join(OAUTH_DIR, "private_key.key"),
 )
 async def aload_ceska_sporitelna_transactions(user_id: str) -> None:
    """
    Async entry point to load Česká spořitelna transactions for a single user.
    Validates the user_id and performs a minimal placeholder action.
    """
    try:
        uid = UUID(str(user_id))
    except Exception:
        logger.error("Invalid user_id provided to bank_scraper (async): %r", user_id)
        return
    await _aload_ceska_sporitelna_transactions(uid)
 async def aload_all_ceska_sporitelna_transactions() -> None:
    """
    Async entry point to load Česká spořitelna transactions for all users.
    """
    async with async_session_maker() as session:
        result = await session.execute(select(User))
        users = result.unique().scalars().all()
        logger.info("[BankScraper] Starting CSAS scrape for all users | count=%d", len(users))
    processed = 0
    for user in users:
        try:
            await _aload_ceska_sporitelna_transactions(user.id)
            processed += 1
        except Exception:
            logger.exception("[BankScraper] Error scraping for user id=%s email=%s", user.id,
                             getattr(user, 'email', None))
    logger.info("[BankScraper] Finished CSAS scrape for all users | processed=%d", processed)
 async def _aload_ceska_sporitelna_transactions(user_id: UUID) -> None:
    async with async_session_maker() as session:
        result = await session.execute(select(User).where(User.id == user_id))
        user: User = result.unique().scalar_one_or_none()
        if user is None:
            logger.warning("User not found for id=%s", user_id)
            return
        cfg = user.config or {}
        if "csas" not in cfg:
            return
        cfg = json.loads(cfg["csas"])
        if "access_token" not in cfg:
            return
        accounts = []
        try:
            async with httpx.AsyncClient(cert=CERTS, timeout=httpx.Timeout(20.0)) as client:
                response = await client.get(
                    "https://webapi.developers.erstegroup.com/api/csas/sandbox/v4/account-information/my/accounts?size=10&page=0&sort=iban&order=desc",
                    headers={
                        "Authorization": f"Bearer {cfg['access_token']}",
                        "WEB-API-key": "09fdc637-3c57-4242-95f2-c2205a2438f3",
                        "user-involved": "false",
                    },
                )
                if response.status_code != httpx.codes.OK:
                    return
                for account in response.json()["accounts"]:
                    accounts.append(account)
        except (httpx.HTTPError,) as e:
            logger.exception("[BankScraper] HTTP error during CSAS request | user_id=%s", user_id)
            return
        for account in accounts:
            id = account["id"]
            url = f"https://webapi.developers.erstegroup.com/api/csas/sandbox/v4/account-information/my/accounts/{id}/transactions?size=100&page=0&sort=bookingdate&order=desc"
            async with httpx.AsyncClient(cert=CERTS) as client:
                response = await client.get(
                    url,
                    headers={
                        "Authorization": f"Bearer {cfg['access_token']}",
                        "WEB-API-key": "09fdc637-3c57-4242-95f2-c2205a2438f3",
                        "user-involved": "false",
                    },
                )
                if response.status_code != httpx.codes.OK:
                    continue
                # Placeholder: just print the account transactions
                transactions = response.json()["transactions"]
                pass
            for transaction in transactions:
                #parse and store transaction to database
                #create Transaction object and save to DB
                #obj =
                pass
            pass
--- a/7project/backend/app/services/user_service.py
+++ b/7project/backend/app/services/user_service.py
@@ -14,7 +14,6 @@ from httpx_oauth.oauth2 import BaseOAuth2
 from app.models.user import User
 from app.oauth.bank_id import BankID
 from app.oauth.csas import CSASOAuth
 from app.oauth.custom_openid import CustomOpenID
 from app.oauth.moje_id import MojeIDOAuth
 from app.services.db import get_user_db
@@ -33,7 +32,7 @@ providers = {
    "BankID": BankID(
        os.getenv("BANKID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
        os.getenv("BANKID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
-    ),
+    )
 }
@@ -102,7 +101,7 @@ bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")
 def get_jwt_strategy() -> JWTStrategy:
-    return JWTStrategy(secret=SECRET, lifetime_seconds=604800)
+    return JWTStrategy(secret=SECRET, lifetime_seconds=3600)
 auth_backend = AuthenticationBackend(
--- a/7project/backend/app/workers/celery_tasks.py
+++ b/7project/backend/app/workers/celery_tasks.py
@@ -1,10 +1,7 @@
 import logging
 import asyncio
 from celery import shared_task
 import app.services.bank_scraper
 logger = logging.getLogger("celery_tasks")
 if not logger.handlers:
    _h = logging.StreamHandler()
@@ -12,72 +9,6 @@ if not logger.handlers:
 logger.setLevel(logging.INFO)
 def run_coro(coro) -> None:
    """Run an async coroutine in a fresh event loop without using run_until_complete.
    Primary strategy runs in a new loop in the current thread. If that fails due to
    debugger patches (e.g., Bad file descriptor from pydevd_nest_asyncio), fall back
    to running in a dedicated thread with its own event loop.
    """
    import threading
    def _cleanup_loop(loop):
        try:
            pending = [t for t in asyncio.all_tasks(loop) if not t.done()]
            for t in pending:
                t.cancel()
            if pending:
                loop.run_until_complete(asyncio.gather(*pending, return_exceptions=True))
        except Exception:
            pass
        finally:
            try:
                loop.close()
            finally:
                asyncio.set_event_loop(None)
    # First attempt: Run in current thread with a fresh event loop
    try:
        loop = asyncio.get_event_loop_policy().new_event_loop()
        try:
            asyncio.set_event_loop(loop)
            task = loop.create_task(coro)
            task.add_done_callback(lambda _t: loop.stop())
            loop.run_forever()
            exc = task.exception()
            if exc:
                raise exc
            return
        finally:
            _cleanup_loop(loop)
    except OSError as e:
        logger.warning("run_coro primary strategy failed (%s). Falling back to thread runner.", e)
    except Exception:
        # For any other unexpected errors, try thread fallback as well
        logger.exception("run_coro primary strategy raised; attempting thread fallback")
    # Fallback: Run in a dedicated thread with its own event loop
    error = {"exc": None}
    def _thread_target():
        loop = asyncio.new_event_loop()
        try:
            asyncio.set_event_loop(loop)
            task = loop.create_task(coro)
            task.add_done_callback(lambda _t: loop.stop())
            loop.run_forever()
            exc = task.exception()
            if exc:
                error["exc"] = exc
        finally:
            _cleanup_loop(loop)
    th = threading.Thread(target=_thread_target, name="celery-async-runner", daemon=True)
    th.start()
    th.join()
    if error["exc"] is not None:
        raise error["exc"]
@shared_task(name="workers.send_email")
 def send_email(to: str, subject: str, body: str) -> None:
    if not (to and subject and body):
@@ -86,22 +17,3 @@ def send_email(to: str, subject: str, body: str) -> None:
    # Placeholder for real email sending logic
    logger.info("[Celery] Email sent | to=%s | subject=%s | body_len=%d", to, subject, len(body))
@shared_task(name="workers.load_transactions")
 def load_transactions(user_id: str) -> None:
    if not user_id:
        logger.error("Load transactions task missing user_id.")
        return
    run_coro(app.services.bank_scraper.aload_ceska_sporitelna_transactions(user_id))
    # Placeholder for real transaction loading logic
    logger.info("[Celery] Transactions loaded for user_id=%s", user_id)
@shared_task(name="workers.load_all_transactions")
 def load_all_transactions() -> None:
    logger.info("[Celery] Starting load_all_transactions")
    run_coro(app.services.bank_scraper.aload_all_ceska_sporitelna_transactions())
    logger.info("[Celery] Finished load_all_transactions")
--- a/7project/backend/pyproject.toml
+++ b/7project/backend/pyproject.toml
@@ -1,5 +0,0 @@
 [tool.pytest.ini_options]
 pythonpath = "."
 asyncio_mode = "auto"
 asyncio_default_fixture_loop_scope = "session"
 asyncio_default_test_loop_scope = "session"
--- a/7project/backend/requirements.txt
+++ b/7project/backend/requirements.txt
@@ -50,17 +50,14 @@ python-dateutil==2.9.0.post0
 python-dotenv==1.1.1
 python-multipart==0.0.20
 PyYAML==6.0.2
 sentry-sdk==2.42.0
 six==1.17.0
 sniffio==1.3.1
 SQLAlchemy==2.0.43
 SQLAlchemy-Utils==0.42.0
 starlette==0.48.0
 tomli==2.2.1
 typing-inspection==0.4.1
 typing_extensions==4.15.0
 tzdata==2025.2
 urllib3==2.5.0
 uvicorn==0.37.0
 uvloop==0.21.0
 vine==5.1.0
--- a/7project/backend/tests/conftest.py
+++ b/7project/backend/tests/conftest.py
@@ -1,44 +0,0 @@
 import sys
 import uuid
 import types
 import pytest
 from fastapi.testclient import TestClient
 from httpx import AsyncClient, ASGITransport
 # Stub sentry_sdk to avoid optional dependency issues during import of app
 stub = types.ModuleType("sentry_sdk")
 stub.init = lambda *args, **kwargs: None
 sys.modules.setdefault("sentry_sdk", stub)
 # Import the FastAPI application
 from app.app import fastApi as app  # noqa: E402
@pytest.fixture(scope="session")
 def fastapi_app():
    return app
@pytest.fixture(scope="session")
 def client(fastapi_app):
    return TestClient(fastapi_app, raise_server_exceptions=True)
@pytest.fixture(scope="function")
 async def test_user(fastapi_app):
    """
    Creates a new user asynchronously and returns their credentials.
    Does NOT log them in.
    Using AsyncClient with ASGITransport avoids event loop conflicts with DB connections.
    """
    unique_email = f"testuser_{uuid.uuid4()}@example.com"
    password = "a_strong_password"
    user_payload = {"email": unique_email, "password": password}
    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
        response = await ac.post("/auth/register", json=user_payload)
        assert response.status_code == 201
    return {"username": unique_email, "password": password}
--- a/7project/backend/tests/test_e2e_auth_flow.py
+++ b/7project/backend/tests/test_e2e_auth_flow.py
@@ -1,98 +0,0 @@
 import pytest
 import uuid
 from httpx import AsyncClient, ASGITransport
 from fastapi import status
 def test_e2e_minimal_auth_flow(client):
    # 1) Service is alive
    alive = client.get("/")
    assert alive.status_code == status.HTTP_200_OK
    # 2) Attempt to login without payload should fail fast (validation error)
    login = client.post("/auth/jwt/login")
    assert login.status_code in (status.HTTP_400_BAD_REQUEST, status.HTTP_422_UNPROCESSABLE_CONTENT)
    # 3) Protected endpoint should not be accessible without token
    me = client.get("/users/me")
    assert me.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN)
@pytest.mark.asyncio
 async def test_e2e_full_user_lifecycle(fastapi_app, test_user):
    # Use an AsyncClient with ASGITransport for async tests
    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
        login_payload = test_user
        # 1. Log in with the new credentials
        login_resp = await ac.post("/auth/jwt/login", data=login_payload)
        assert login_resp.status_code == status.HTTP_200_OK
        token = login_resp.json()["access_token"]
        headers = {"Authorization": f"Bearer {token}"}
        # 2. Access a protected endpoint
        me_resp = await ac.get("/users/me", headers=headers)
        assert me_resp.status_code == status.HTTP_200_OK
        assert me_resp.json()["email"] == test_user["username"]
        # 3. Update the user's profile
        update_payload = {"first_name": "Test"}
        patch_resp = await ac.patch("/users/me", json=update_payload, headers=headers)
        assert patch_resp.status_code == status.HTTP_200_OK
        assert patch_resp.json()["first_name"] == "Test"
        # 4. Log out
        logout_resp = await ac.post("/auth/jwt/logout", headers=headers)
        assert logout_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
        # 5. Verify token is invalid
        me_again_resp = await ac.get("/users/me", headers=headers)
        assert me_again_resp.status_code == status.HTTP_401_UNAUTHORIZED
@pytest.mark.asyncio
 async def test_e2e_transaction_workflow(fastapi_app, test_user):
    transport = ASGITransport(app=fastapi_app, raise_app_exceptions=True)
    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
        # 1. Log in to get the token
        login_resp = await ac.post("/auth/jwt/login", data=test_user)
        token = login_resp.json()["access_token"]
        headers = {"Authorization": f"Bearer {token}"}
        # NEW STEP: Create a category first to get a valid ID
        category_payload = {"name": "Test Category for E2E"}
        create_category_resp = await ac.post("/categories/create", json=category_payload, headers=headers)
        assert create_category_resp.status_code == status.HTTP_201_CREATED
        category_id = create_category_resp.json()["id"]
        # 2. Create a new transaction
        tx_payload = {"amount": -55.40, "description": "Milk and eggs"}
        tx_resp = await ac.post("/transactions/create", json=tx_payload, headers=headers)
        assert tx_resp.status_code == status.HTTP_201_CREATED
        tx_id = tx_resp.json()["id"]
        # 3. Assign the category
        assign_resp = await ac.post(f"/transactions/{tx_id}/categories/{category_id}", headers=headers)
        assert assign_resp.status_code == status.HTTP_200_OK
        # 4. Verify assignment
        get_tx_resp = await ac.get(f"/transactions/{tx_id}", headers=headers)
        assert category_id in get_tx_resp.json()["category_ids"]
        # 5. Unassign the category
        unassign_resp = await ac.delete(f"/transactions/{tx_id}/categories/{category_id}", headers=headers)
        assert unassign_resp.status_code == status.HTTP_200_OK
        # 6. Get the transaction again and verify the category is gone
        get_tx_again_resp = await ac.get(f"/transactions/{tx_id}", headers=headers)
        final_tx_data = get_tx_again_resp.json()
        assert category_id not in final_tx_data["category_ids"]
        # 7. Delete the transaction for cleanup
        delete_resp = await ac.delete(f"/transactions/{tx_id}/delete", headers=headers)
        assert delete_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
        # NEW STEP: Clean up the created category
        delete_category_resp = await ac.delete(f"/categories/{category_id}", headers=headers)
        assert delete_category_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
--- a/7project/backend/tests/test_integration_app.py
+++ b/7project/backend/tests/test_integration_app.py
@@ -1,66 +0,0 @@
 from fastapi import status
 import pytest
 from httpx import AsyncClient, ASGITransport
 def test_root_ok(client):
    resp = client.get("/")
    assert resp.status_code == status.HTTP_200_OK
    assert resp.json() == {"status": "ok"}
 def test_authenticated_route_requires_auth(client):
    resp = client.get("/authenticated-route")
    assert resp.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN)
@pytest.mark.asyncio
 async def test_create_and_get_category(fastapi_app, test_user):
    # Use AsyncClient for async tests
    transport = ASGITransport(app=fastapi_app)
    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
        # 1. Log in to get an auth token
        login_resp = await ac.post("/auth/jwt/login", data=test_user)
        token = login_resp.json()["access_token"]
        headers = {"Authorization": f"Bearer {token}"}
        # 2. Define and create the new category
        category_name = "Async Integration Test"
        category_payload = {"name": category_name}
        create_resp = await ac.post("/categories/create", json=category_payload, headers=headers)
        # 3. Assert creation was successful
        assert create_resp.status_code == status.HTTP_201_CREATED
        created_data = create_resp.json()
        category_id = created_data["id"]
        assert created_data["name"] == category_name
        # 4. GET the list of categories to verify
        list_resp = await ac.get("/categories/", headers=headers)
        assert list_resp.status_code == status.HTTP_200_OK
        # 5. Check that our new category is in the list
        categories_list = list_resp.json()
        assert any(cat["name"] == category_name for cat in categories_list)
        delete_resp = await ac.delete(f"/categories/{category_id}", headers=headers)
        assert delete_resp.status_code in (status.HTTP_200_OK, status.HTTP_204_NO_CONTENT)
@pytest.mark.asyncio
 async def test_create_transaction_missing_amount_fails(fastapi_app, test_user):
    transport = ASGITransport(app=fastapi_app)
    async with AsyncClient(transport=transport, base_url="http://testserver") as ac:
        # 1. Log in to get an auth token
        login_resp = await ac.post("/auth/jwt/login", data=test_user)
        token = login_resp.json()["access_token"]
        headers = {"Authorization": f"Bearer {token}"}
        # 2. Define an invalid payload
        invalid_payload = {"description": "This should fail"}
        # 3. Attempt to create the transaction
        resp = await ac.post("/transactions/create", json=invalid_payload, headers=headers)
        # 4. Assert the expected validation error
        assert resp.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY
--- a/7project/backend/tests/test_unit_user_service.py
+++ b/7project/backend/tests/test_unit_user_service.py
@@ -1,55 +0,0 @@
 import types
 import asyncio
 import pytest
 from app.services import user_service
 def test_get_oauth_provider_known_unknown():
    # Known providers should return a provider instance
    bankid = user_service.get_oauth_provider("BankID")
    mojeid = user_service.get_oauth_provider("MojeID")
    assert bankid is not None
    assert mojeid is not None
    # Unknown should return None
    assert user_service.get_oauth_provider("DoesNotExist") is None
 def test_get_jwt_strategy_lifetime():
    strategy = user_service.get_jwt_strategy()
    assert strategy is not None
    # Basic smoke check: strategy has a lifetime set to 604800
    assert getattr(strategy, "lifetime_seconds", None) in (604800,)
@pytest.mark.asyncio
 async def test_on_after_request_verify_enqueues_email(monkeypatch):
    calls = {}
    def fake_enqueue_email(to: str, subject: str, body: str):
        calls.setdefault("emails", []).append({
            "to": to,
            "subject": subject,
            "body": body,
        })
    # Patch the enqueue_email used inside user_service
    monkeypatch.setattr(user_service, "enqueue_email", fake_enqueue_email)
    class DummyUser:
        def __init__(self, email):
            self.email = email
    mgr = user_service.UserManager(user_db=None)  # user_db not needed for this method
    user = DummyUser("test@example.com")
    # Call the hook
    await mgr.on_after_request_verify(user, token="abc123", request=None)
    # Verify one email has been enqueued with expected content
    assert len(calls.get("emails", [])) == 1
    email = calls["emails"][0]
    assert email["to"] == "test@example.com"
    assert "ověření účtu" in email["subject"].lower()
    assert "abc123" in email["body"]
--- a/7project/charts/myapp-chart/templates/NOTES.txt
+++ b/7project/charts/myapp-chart/templates/NOTES.txt
@@ -0,0 +1,54 @@
 Thank you for installing myapp-chart.
 This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access.
 Namespaces per developer (important):
 - Install each developer's environment into their own namespace using Helm's -n/--namespace flag.
 - No hardcoded namespace is used in templates; resources are created in .Release.Namespace.
 - Example namespaces: dev-alice, dev-bob, pr-123, etc.
 Key values:
 - deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER)
 - image.repository/tag or image.digest -> container image
 - domain -> public FQDN used by TunnelBinding (required to expose app)
 - app/worker names, replicas, ports
 Examples:
 - Dev install (Alice):
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n dev-alice --create-namespace \
    -f values-dev.yaml \
    --set domain=alice.demo.example.com \
    --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
    --set-string database.password="$DB_PASSWORD"
 - Dev install (Bob):
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n dev-bob --create-namespace \
    -f values-dev.yaml \
    --set domain=bob.demo.example.com
 - Prod install (different cleanupPolicy):
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n prod --create-namespace \
    -f values-prod.yaml \
    --set domain=app.example.com
 - PR (preview) install with DB name containing PR number (also its own namespace):
  PR=123
  helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \
    -n pr-$PR --create-namespace \
    -f values-dev.yaml \
    --set prNumber=$PR \
    --set deployment=preview-$PR \
    --set domain=pr-$PR.example.com
 - Use a custom deployment identifier to suffix DB name, DB username and Secret name:
  helm upgrade --install myapp ./7project/charts/myapp-chart \
    -n dev-alice --create-namespace \
    -f values-dev.yaml \
    --set deployment=alice \
    --set domain=alice.demo.example.com
 Render locally (dry run):
  helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30
--- a/7project/charts/myapp-chart/templates/app-deployment.yaml
+++ b/7project/charts/myapp-chart/templates/app-deployment.yaml
@@ -29,27 +29,21 @@ spec:
            - name: MARIADB_PORT
              value: '3306'
            - name: MARIADB_DB
-              valueFrom:
+              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
                secretKeyRef:
                  name: prod
                  key: MARIADB_DB
            - name: MARIADB_USER
-              valueFrom:
+              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
                secretKeyRef:
                  name: prod
                  key: MARIADB_USER
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: prod
+                  name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
-                  key: MARIADB_PASSWORD
+                  key: password
            - name: RABBITMQ_USERNAME
              value: {{ .Values.rabbitmq.username | quote }}
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: prod
+                  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
-                  key: RABBITMQ_PASSWORD
+                  key: password
            - name: RABBITMQ_HOST
              value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
            - name: RABBITMQ_PORT
@@ -58,54 +52,6 @@ spec:
              value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
            - name: MAIL_QUEUE
              value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
            - name: MOJEID_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: MOJEID_CLIENT_ID
            - name: MOJEID_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: MOJEID_CLIENT_SECRET
            - name: BANKID_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: BANKID_CLIENT_ID
            - name: BANKID_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: BANKID_CLIENT_SECRET
            - name: CSAS_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: CSAS_CLIENT_ID
            - name: CSAS_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: CSAS_CLIENT_SECRET
            - name: DOMAIN
              value: {{ required "Set .Values.domain" .Values.domain | quote }}
            - name: DOMAIN_SCHEME
              value: {{ required "Set .Values.domain_scheme" .Values.domain_scheme | quote }}
            - name: FRONTEND_DOMAIN
              value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }}
            - name: FRONTEND_DOMAIN_SCHEME
              value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }}
            - name: SENTRY_DSN
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: SENTRY_DSN
            - name: DB_ENCRYPTION_KEY
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: DB_ENCRYPTION_KEY
          livenessProbe:
            httpGet:
              path: /
--- a/7project/charts/myapp-chart/templates/prod.yaml
+++ b/7project/charts/myapp-chart/templates/prod.yaml
@@ -1,21 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: prod
 type: Opaque
 stringData:
  MOJEID_CLIENT_ID: {{ .Values.oauth.mojeid.clientId | quote }}
  MOJEID_CLIENT_SECRET: {{ .Values.oauth.mojeid.clientSecret | quote }}
  BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }}
  BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }}
  CSAS_CLIENT_ID: {{ .Values.oauth.csas.clientId | quote }}
  CSAS_CLIENT_SECRET: {{ .Values.oauth.csas.clientSecret | quote }}
  # Database credentials
  MARIADB_DB: {{ required "Set .Values.deployment" .Values.deployment | quote }}
  MARIADB_USER: {{ required "Set .Values.deployment" .Values.deployment | quote }}
  MARIADB_PASSWORD: {{ .Values.database.password | default "" | quote }}
  # RabbitMQ credentials
  RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }}
  RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }}
  SENTRY_DSN: {{ .Values.sentry_dsn | quote }}
  DB_ENCRYPTION_KEY: {{ required "Set .Values.database.encryptionSecret" .Values.database.encryptionSecret | quote }}
--- a/7project/charts/myapp-chart/templates/worker-deployment.yaml
+++ b/7project/charts/myapp-chart/templates/worker-deployment.yaml
@@ -31,32 +31,13 @@ spec:
            - --loglevel
            - INFO
          env:
            - name: MARIADB_HOST
              value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local"
            - name: MARIADB_PORT
              value: '3306'
            - name: MARIADB_DB
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: MARIADB_DB
            - name: MARIADB_USER
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: MARIADB_USER
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: MARIADB_PASSWORD
            - name: RABBITMQ_USERNAME
              value: {{ .Values.rabbitmq.username | quote }}
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: prod
+                  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
-                  key: RABBITMQ_PASSWORD
+                  key: password
            - name: RABBITMQ_HOST
              value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
            - name: RABBITMQ_PORT
@@ -65,23 +46,3 @@ spec:
              value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
            - name: MAIL_QUEUE
              value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
            - name: SENTRY_DSN
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: SENTRY_DSN
            - name: CSAS_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: CSAS_CLIENT_ID
            - name: CSAS_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: CSAS_CLIENT_SECRET
            - name: DB_ENCRYPTION_KEY
              valueFrom:
                secretKeyRef:
                  name: prod
                  key: DB_ENCRYPTION_KEY
--- a/7project/charts/myapp-chart/values.yaml
+++ b/7project/charts/myapp-chart/values.yaml
@@ -11,12 +11,6 @@ deployment: ""
 # Public domain to expose the app under (used by TunnelBinding fqdn)
 # Set at install time: --set domain=example.com
 domain: ""
 domain_scheme: ""
 frontend_domain: ""
 frontend_domain_scheme: ""
 sentry_dsn: ""
 image:
  repository: lukastrkan/cc-app-demo
@@ -39,17 +33,6 @@ worker:
 service:
  port: 80
 oauth:
  bankid:
    clientId: ""
    clientSecret: ""
  mojeid:
    clientId: ""
    clientSecret: ""
  csas:
    clientId: ""
    clientSecret: ""
 rabbitmq:
  create: true
  replicas: 1
@@ -75,4 +58,3 @@ database:
  userName: app-demo-user
  secretName: app-demo-database-secret
  password: ""
  encryptionSecret: ""
--- a/7project/deployment/app-demo-database-grant.yaml
+++ b/7project/deployment/app-demo-database-grant.yaml
@@ -0,0 +1,20 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Grant
 metadata:
  name: grant
 spec:
  mariaDbRef:
    name: mariadb-repl
    namespace: mariadb-operator
  privileges:
    - "ALL PRIVILEGES"
  database: "app-demo-database"
  table: "*"
  username: "app-demo-user"
  grantOption: true
  host: "%"
  # Delete the resource in the database whenever the CR gets deleted.
  # Alternatively, you can specify Skip in order to omit deletion.
  cleanupPolicy: Skip
  requeueInterval: 10h
  retryInterval: 30s
--- a/7project/deployment/app-demo-database-secret.yaml
+++ b/7project/deployment/app-demo-database-secret.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: app-demo-database-secret
 type: kubernetes.io/basic-auth
 stringData:
  password: "strongpassword"
--- a/7project/deployment/app-demo-database-user.yaml
+++ b/7project/deployment/app-demo-database-user.yaml
@@ -0,0 +1,20 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: User
 metadata:
  name: app-demo-user
 spec:
  # If you want the user to be created with a different name than the resource name
  # name: user-custom
  mariaDbRef:
    name: mariadb-repl
    namespace: mariadb-operator
  passwordSecretKeyRef:
    name: app-demo-database-secret
    key: password
  maxUserConnections: 20
  host: "%"
  # Delete the resource in the database whenever the CR gets deleted.
  # Alternatively, you can specify Skip in order to omit deletion.
  cleanupPolicy: Skip
  requeueInterval: 10h
  retryInterval: 30s
--- a/7project/deployment/app-demo-database.yaml
+++ b/7project/deployment/app-demo-database.yaml
@@ -0,0 +1,15 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Database
 metadata:
  name: app-demo-database
 spec:
  mariaDbRef:
    name: mariadb-repl
    namespace: mariadb-operator
  characterSet: utf8
  collate: utf8_general_ci
  # Delete the resource in the database whenever the CR gets deleted.
  # Alternatively, you can specify Skip in order to omit deletion.
  cleanupPolicy: Skip
  requeueInterval: 10h
  retryInterval: 30s
--- a/7project/deployment/app-demo-deployment.yaml
+++ b/7project/deployment/app-demo-deployment.yaml
@@ -0,0 +1,48 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: app-demo
 spec:
  replicas: 3
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: app-demo
  template:
    metadata:
      labels:
        app: app-demo
    spec:
      containers:
        - image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
          name: app-demo
          ports:
            - containerPort: 8000
          env:
            - name: MARIADB_HOST
              value: mariadb-repl.mariadb-operator.svc.cluster.local
            - name: MARIADB_PORT
              value: '3306'
            - name: MARIADB_DB
              value: app-demo-database
            - name: MARIADB_USER
              value: app-demo-user
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: app-demo-database-secret
                  key: password
          livenessProbe:
            httpGet:
              path: /
              port: 8000
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
              port: 8000
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
--- a/7project/deployment/app-demo-svc.yaml
+++ b/7project/deployment/app-demo-svc.yaml
@@ -0,0 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: app-demo
 spec:
  ports:
  - port: 80
    targetPort: 8000
  selector:
    app: app-demo
--- a/7project/deployment/app-demo-worker-deployment.yaml
+++ b/7project/deployment/app-demo-worker-deployment.yaml
@@ -0,0 +1,41 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: app-demo-worker
 spec:
  replicas: 3
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: app-demo-worker
  template:
    metadata:
      labels:
        app: app-demo-worker
    spec:
      containers:
        - image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
          name: app-demo-worker
          command:
            - celery
            - -A
            - app.celery_app
            - worker
            - -Q
            - $(MAIL_QUEUE)
            - --loglevel
            - INFO
          env:
            - name: RABBITMQ_USERNAME
              value: demo-app
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-app-user-credentials
                  key: password
            - name: RABBITMQ_HOST
              value: rabbitmq.rabbitmq.svc.cluster.local
            - name: RABBITMQ_PORT
              value: '5672'
            - name: RABBITMQ_VHOST
              value: "/"
--- a/7project/deployment/tunnel.yaml
+++ b/7project/deployment/tunnel.yaml
@@ -0,0 +1,14 @@
 apiVersion: networking.cfargotunnel.com/v1alpha1
 kind: TunnelBinding
 metadata:
  name: guestbook-tunnel-binding
  namespace: group-project
 subjects:
  - name: app-server
    spec:
      target: http://app-demo.group-project.svc.cluster.local
      fqdn: demo.ltrk.cz
      noTlsVerify: true
 tunnelRef:
  kind: ClusterTunnel
  name: cluster-tunnel
--- a/7project/frontend/package-lock.json
+++ b/7project/frontend/package-lock.json
@@ -9,8 +9,7 @@
      "version": "0.0.0",
      "dependencies": {
        "react": "^19.1.1",
-        "react-dom": "^19.1.1",
+        "react-dom": "^19.1.1"
        "recharts": "^3.3.0"
      },
      "devDependencies": {
        "@eslint/js": "^9.36.0",
@@ -1048,32 +1047,6 @@
        "node": ">= 8"
      }
    },
    "node_modules/@reduxjs/toolkit": {
      "version": "2.9.1",
      "resolved": "https://registry.npmjs.org/@reduxjs/toolkit/-/toolkit-2.9.1.tgz",
      "integrity": "sha512-sETJ3qO72y7L7WiR5K54UFLT3jRzAtqeBPVO15xC3bGA6kDqCH8m/v7BKCPH4czydXzz/1lPEGLvew7GjOO3Qw==",
      "license": "MIT",
      "dependencies": {
        "@standard-schema/spec": "^1.0.0",
        "@standard-schema/utils": "^0.3.0",
        "immer": "^10.0.3",
        "redux": "^5.0.1",
        "redux-thunk": "^3.1.0",
        "reselect": "^5.1.0"
      },
      "peerDependencies": {
        "react": "^16.9.0 || ^17.0.0 || ^18 || ^19",
        "react-redux": "^7.2.1 || ^8.1.3 || ^9.0.0"
      },
      "peerDependenciesMeta": {
        "react": {
          "optional": true
        },
        "react-redux": {
          "optional": true
        }
      }
    },
    "node_modules/@rolldown/pluginutils": {
      "version": "1.0.0-beta.38",
      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.38.tgz",
@@ -1389,18 +1362,6 @@
        "win32"
      ]
    },
    "node_modules/@standard-schema/spec": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.0.0.tgz",
      "integrity": "sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==",
      "license": "MIT"
    },
    "node_modules/@standard-schema/utils": {
      "version": "0.3.0",
      "resolved": "https://registry.npmjs.org/@standard-schema/utils/-/utils-0.3.0.tgz",
      "integrity": "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g==",
      "license": "MIT"
    },
    "node_modules/@types/babel__core": {
      "version": "7.20.5",
      "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
@@ -1446,69 +1407,6 @@
        "@babel/types": "^7.28.2"
      }
    },
    "node_modules/@types/d3-array": {
      "version": "3.2.2",
      "resolved": "https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz",
      "integrity": "sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==",
      "license": "MIT"
    },
    "node_modules/@types/d3-color": {
      "version": "3.1.3",
      "resolved": "https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz",
      "integrity": "sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==",
      "license": "MIT"
    },
    "node_modules/@types/d3-ease": {
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz",
      "integrity": "sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==",
      "license": "MIT"
    },
    "node_modules/@types/d3-interpolate": {
      "version": "3.0.4",
      "resolved": "https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz",
      "integrity": "sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==",
      "license": "MIT",
      "dependencies": {
        "@types/d3-color": "*"
      }
    },
    "node_modules/@types/d3-path": {
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz",
      "integrity": "sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==",
      "license": "MIT"
    },
    "node_modules/@types/d3-scale": {
      "version": "4.0.9",
      "resolved": "https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz",
      "integrity": "sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==",
      "license": "MIT",
      "dependencies": {
        "@types/d3-time": "*"
      }
    },
    "node_modules/@types/d3-shape": {
      "version": "3.1.7",
      "resolved": "https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.7.tgz",
      "integrity": "sha512-VLvUQ33C+3J+8p+Daf+nYSOsjB4GXp19/S/aGo60m9h1v6XaxjiT82lKVWJCfzhtuZ3yD7i/TPeC/fuKLLOSmg==",
      "license": "MIT",
      "dependencies": {
        "@types/d3-path": "*"
      }
    },
    "node_modules/@types/d3-time": {
      "version": "3.0.4",
      "resolved": "https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz",
      "integrity": "sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g==",
      "license": "MIT"
    },
    "node_modules/@types/d3-timer": {
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz",
      "integrity": "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==",
      "license": "MIT"
    },
    "node_modules/@types/estree": {
      "version": "1.0.8",
      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
@@ -1537,7 +1435,7 @@
      "version": "19.2.0",
      "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.0.tgz",
      "integrity": "sha512-1LOH8xovvsKsCBq1wnT4ntDUdCJKmnEakhsuoUSy6ExlHCkGP2hqnatagYTgFk6oeL0VU31u7SNjunPN+GchtA==",
-      "devOptional": true,
+      "dev": true,
      "license": "MIT",
      "dependencies": {
        "csstype": "^3.0.2"
@@ -1553,12 +1451,6 @@
        "@types/react": "^19.2.0"
      }
    },
    "node_modules/@types/use-sync-external-store": {
      "version": "0.0.6",
      "resolved": "https://registry.npmjs.org/@types/use-sync-external-store/-/use-sync-external-store-0.0.6.tgz",
      "integrity": "sha512-zFDAD+tlpf2r4asuHEj0XH6pY6i0g5NeAHPn+15wk3BV6JA69eERFXC1gyGThDkVa1zCyKr5jox1+2LbV/AMLg==",
      "license": "MIT"
    },
    "node_modules/@typescript-eslint/eslint-plugin": {
      "version": "8.45.0",
      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.45.0.tgz",
@@ -2037,15 +1929,6 @@
        "url": "https://github.com/chalk/chalk?sponsor=1"
      }
    },
    "node_modules/clsx": {
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz",
      "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==",
      "license": "MIT",
      "engines": {
        "node": ">=6"
      }
    },
    "node_modules/color-convert": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
@@ -2099,130 +1982,9 @@
      "version": "3.1.3",
      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz",
      "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==",
-      "devOptional": true,
+      "dev": true,
      "license": "MIT"
    },
    "node_modules/d3-array": {
      "version": "3.2.4",
      "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz",
      "integrity": "sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==",
      "license": "ISC",
      "dependencies": {
        "internmap": "1 - 2"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-color": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz",
      "integrity": "sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==",
      "license": "ISC",
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-ease": {
      "version": "3.0.1",
      "resolved": "https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz",
      "integrity": "sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==",
      "license": "BSD-3-Clause",
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-format": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.0.tgz",
      "integrity": "sha512-YyUI6AEuY/Wpt8KWLgZHsIU86atmikuoOmCfommt0LYHiQSPjvX2AcFc38PX0CBpr2RCyZhjex+NS/LPOv6YqA==",
      "license": "ISC",
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-interpolate": {
      "version": "3.0.1",
      "resolved": "https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz",
      "integrity": "sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==",
      "license": "ISC",
      "dependencies": {
        "d3-color": "1 - 3"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-path": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz",
      "integrity": "sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==",
      "license": "ISC",
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-scale": {
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz",
      "integrity": "sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==",
      "license": "ISC",
      "dependencies": {
        "d3-array": "2.10.0 - 3",
        "d3-format": "1 - 3",
        "d3-interpolate": "1.2.0 - 3",
        "d3-time": "2.1.1 - 3",
        "d3-time-format": "2 - 4"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-shape": {
      "version": "3.2.0",
      "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz",
      "integrity": "sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==",
      "license": "ISC",
      "dependencies": {
        "d3-path": "^3.1.0"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-time": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz",
      "integrity": "sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==",
      "license": "ISC",
      "dependencies": {
        "d3-array": "2 - 3"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-time-format": {
      "version": "4.1.0",
      "resolved": "https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz",
      "integrity": "sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==",
      "license": "ISC",
      "dependencies": {
        "d3-time": "1 - 3"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/d3-timer": {
      "version": "3.0.1",
      "resolved": "https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz",
      "integrity": "sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==",
      "license": "ISC",
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/debug": {
      "version": "4.4.3",
      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
@@ -2241,12 +2003,6 @@
        }
      }
    },
    "node_modules/decimal.js-light": {
      "version": "2.5.1",
      "resolved": "https://registry.npmjs.org/decimal.js-light/-/decimal.js-light-2.5.1.tgz",
      "integrity": "sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg==",
      "license": "MIT"
    },
    "node_modules/deep-is": {
      "version": "0.1.4",
      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
@@ -2261,16 +2017,6 @@
      "dev": true,
      "license": "ISC"
    },
    "node_modules/es-toolkit": {
      "version": "1.40.0",
      "resolved": "https://registry.npmjs.org/es-toolkit/-/es-toolkit-1.40.0.tgz",
      "integrity": "sha512-8o6w0KFmU0CiIl0/Q/BCEOabF2IJaELM1T2PWj6e8KqzHv1gdx+7JtFnDwOx1kJH/isJ5NwlDG1nCr1HrRF94Q==",
      "license": "MIT",
      "workspaces": [
        "docs",
        "benchmarks"
      ]
    },
    "node_modules/esbuild": {
      "version": "0.25.10",
      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.10.tgz",
@@ -2514,12 +2260,6 @@
        "node": ">=0.10.0"
      }
    },
    "node_modules/eventemitter3": {
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.1.tgz",
      "integrity": "sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==",
      "license": "MIT"
    },
    "node_modules/fast-deep-equal": {
      "version": "3.1.3",
      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -2723,16 +2463,6 @@
        "node": ">= 4"
      }
    },
    "node_modules/immer": {
      "version": "10.1.3",
      "resolved": "https://registry.npmjs.org/immer/-/immer-10.1.3.tgz",
      "integrity": "sha512-tmjF/k8QDKydUlm3mZU+tjM6zeq9/fFpPqH9SzWmBnVVKsPBg/V66qsMwb3/Bo90cgUN+ghdVBess+hPsxUyRw==",
      "license": "MIT",
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/immer"
      }
    },
    "node_modules/import-fresh": {
      "version": "3.3.1",
      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz",
@@ -2760,15 +2490,6 @@
        "node": ">=0.8.19"
      }
    },
    "node_modules/internmap": {
      "version": "2.0.3",
      "resolved": "https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz",
      "integrity": "sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==",
      "license": "ISC",
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/is-extglob": {
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
@@ -3204,36 +2925,6 @@
        "react": "^19.2.0"
      }
    },
    "node_modules/react-is": {
      "version": "19.2.0",
      "resolved": "https://registry.npmjs.org/react-is/-/react-is-19.2.0.tgz",
      "integrity": "sha512-x3Ax3kNSMIIkyVYhWPyO09bu0uttcAIoecO/um/rKGQ4EltYWVYtyiGkS/3xMynrbVQdS69Jhlv8FXUEZehlzA==",
      "license": "MIT",
      "peer": true
    },
    "node_modules/react-redux": {
      "version": "9.2.0",
      "resolved": "https://registry.npmjs.org/react-redux/-/react-redux-9.2.0.tgz",
      "integrity": "sha512-ROY9fvHhwOD9ySfrF0wmvu//bKCQ6AeZZq1nJNtbDC+kk5DuSuNX/n6YWYF/SYy7bSba4D4FSz8DJeKY/S/r+g==",
      "license": "MIT",
      "dependencies": {
        "@types/use-sync-external-store": "^0.0.6",
        "use-sync-external-store": "^1.4.0"
      },
      "peerDependencies": {
        "@types/react": "^18.2.25 || ^19",
        "react": "^18.0 || ^19",
        "redux": "^5.0.0"
      },
      "peerDependenciesMeta": {
        "@types/react": {
          "optional": true
        },
        "redux": {
          "optional": true
        }
      }
    },
    "node_modules/react-refresh": {
      "version": "0.17.0",
      "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.17.0.tgz",
@@ -3244,54 +2935,6 @@
        "node": ">=0.10.0"
      }
    },
    "node_modules/recharts": {
      "version": "3.3.0",
      "resolved": "https://registry.npmjs.org/recharts/-/recharts-3.3.0.tgz",
      "integrity": "sha512-Vi0qmTB0iz1+/Cz9o5B7irVyUjX2ynvEgImbgMt/3sKRREcUM07QiYjS1QpAVrkmVlXqy5gykq4nGWMz9AS4Rg==",
      "license": "MIT",
      "dependencies": {
        "@reduxjs/toolkit": "1.x.x || 2.x.x",
        "clsx": "^2.1.1",
        "decimal.js-light": "^2.5.1",
        "es-toolkit": "^1.39.3",
        "eventemitter3": "^5.0.1",
        "immer": "^10.1.1",
        "react-redux": "8.x.x || 9.x.x",
        "reselect": "5.1.1",
        "tiny-invariant": "^1.3.3",
        "use-sync-external-store": "^1.2.2",
        "victory-vendor": "^37.0.2"
      },
      "engines": {
        "node": ">=18"
      },
      "peerDependencies": {
        "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
        "react-dom": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
        "react-is": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
      }
    },
    "node_modules/redux": {
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/redux/-/redux-5.0.1.tgz",
      "integrity": "sha512-M9/ELqF6fy8FwmkpnF0S3YKOqMyoWJ4+CS5Efg2ct3oY9daQvd/Pc71FpGZsVsbl3Cpb+IIcjBDUnnyBdQbq4w==",
      "license": "MIT"
    },
    "node_modules/redux-thunk": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/redux-thunk/-/redux-thunk-3.1.0.tgz",
      "integrity": "sha512-NW2r5T6ksUKXCabzhL9z+h206HQw/NJkcLm1GPImRQ8IzfXwRGqjVhKJGauHirT0DAuyy6hjdnMZaRoAcy0Klw==",
      "license": "MIT",
      "peerDependencies": {
        "redux": "^5.0.0"
      }
    },
    "node_modules/reselect": {
      "version": "5.1.1",
      "resolved": "https://registry.npmjs.org/reselect/-/reselect-5.1.1.tgz",
      "integrity": "sha512-K/BG6eIky/SBpzfHZv/dd+9JBFiS4SWV7FIujVyJRux6e45+73RaUHXLmIR1f7WOMaQ0U1km6qwklRQxpJJY0w==",
      "license": "MIT"
    },
    "node_modules/resolve-from": {
      "version": "4.0.0",
      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
@@ -3454,12 +3097,6 @@
        "node": ">=8"
      }
    },
    "node_modules/tiny-invariant": {
      "version": "1.3.3",
      "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz",
      "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==",
      "license": "MIT"
    },
    "node_modules/tinyglobby": {
      "version": "0.2.15",
      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
@@ -3633,41 +3270,10 @@
        "punycode": "^2.1.0"
      }
    },
    "node_modules/use-sync-external-store": {
      "version": "1.6.0",
      "resolved": "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.6.0.tgz",
      "integrity": "sha512-Pp6GSwGP/NrPIrxVFAIkOQeyw8lFenOHijQWkUTrDvrF4ALqylP2C/KCkeS9dpUM3KvYRQhna5vt7IL95+ZQ9w==",
      "license": "MIT",
      "peerDependencies": {
        "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
      }
    },
    "node_modules/victory-vendor": {
      "version": "37.3.6",
      "resolved": "https://registry.npmjs.org/victory-vendor/-/victory-vendor-37.3.6.tgz",
      "integrity": "sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ==",
      "license": "MIT AND ISC",
      "dependencies": {
        "@types/d3-array": "^3.0.3",
        "@types/d3-ease": "^3.0.0",
        "@types/d3-interpolate": "^3.0.1",
        "@types/d3-scale": "^4.0.2",
        "@types/d3-shape": "^3.1.0",
        "@types/d3-time": "^3.0.0",
        "@types/d3-timer": "^3.0.0",
        "d3-array": "^3.1.6",
        "d3-ease": "^3.0.1",
        "d3-interpolate": "^3.0.1",
        "d3-scale": "^4.0.2",
        "d3-shape": "^3.1.0",
        "d3-time": "^3.0.0",
        "d3-timer": "^3.0.1"
      }
    },
    "node_modules/vite": {
-      "version": "7.1.11",
+      "version": "7.1.9",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.11.tgz",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.9.tgz",
-      "integrity": "sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==",
+      "integrity": "sha512-4nVGliEpxmhCL8DslSAUdxlB6+SMrhB0a1v5ijlh1xB1nEPuy1mxaHxysVucLHuWryAxLWg6a5ei+U4TLn/rFg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
--- a/7project/frontend/package.json
+++ b/7project/frontend/package.json
@@ -11,8 +11,7 @@
  },
  "dependencies": {
    "react": "^19.1.1",
-    "react-dom": "^19.1.1",
+    "react-dom": "^19.1.1"
    "recharts": "^3.3.0"
  },
  "devDependencies": {
    "@eslint/js": "^9.36.0",
--- a/7project/frontend/src/App.css
+++ b/7project/frontend/src/App.css
@@ -0,0 +1,42 @@
 #root {
  max-width: 1280px;
  margin: 0 auto;
  padding: 2rem;
  text-align: center;
 }
 .logo {
  height: 6em;
  padding: 1.5em;
  will-change: filter;
  transition: filter 300ms;
 }
 .logo:hover {
  filter: drop-shadow(0 0 2em #646cffaa);
 }
 .logo.react:hover {
  filter: drop-shadow(0 0 2em #61dafbaa);
 }
@keyframes logo-spin {
  from {
    transform: rotate(0deg);
  }
  to {
    transform: rotate(360deg);
  }
 }
@media (prefers-reduced-motion: no-preference) {
  a:nth-of-type(2) .logo {
    animation: logo-spin infinite 20s linear;
  }
 }
 .card {
  padding: 2em;
 }
 .read-the-docs {
  color: #888;
 }
--- a/7project/frontend/src/App.tsx
+++ b/7project/frontend/src/App.tsx
@@ -1,89 +1,39 @@
-import { useEffect, useState } from 'react';
+import { useState } from 'react'
-import LoginRegisterPage from './pages/LoginRegisterPage';
+import reactLogo from './assets/react.svg'
-import Dashboard from './pages/Dashboard';
+import viteLogo from '/vite.svg'
-import { logout } from './api';
+import './App.css'
-import { BACKEND_URL } from './config';
+import { BACKEND_URL } from './config'
 function App() {
-  const [hasToken, setHasToken] = useState<boolean>(!!localStorage.getItem('token'));
+  const [count, setCount] = useState(0)
  const [processingCallback, setProcessingCallback] = useState<boolean>(false);
  useEffect(() => {
    const path = window.location.pathname;
    // Minimal handling for provider callbacks: /auth|/oauth/:provider/callback?code=...&state=...
    const parts = path.split('/').filter(Boolean);
    const isCallback = parts.length === 3 && (parts[0] === 'auth') && parts[2] === 'callback';
    if (isCallback) {
      // Guard against double invocation in React 18 StrictMode/dev
      const w = window as any;
      if (w.__oauthCallbackHandled) {
        return;
      }
      w.__oauthCallbackHandled = true;
      setProcessingCallback(true);
      const provider = parts[1];
      const qs = window.location.search || '';
      const base = BACKEND_URL.replace(/\/$/, '');
      const url = `${base}/auth/${encodeURIComponent(provider)}/callback${qs}`;
      (async () => {
        try {
          const token = localStorage.getItem('token');
          const res = await fetch(url, {
            method: 'GET',
            credentials: 'include',
            headers: token ? { Authorization: `Bearer ${token}` } : undefined,
          });
          let data: any = null;
          try {
            data = await res.json();
          } catch {}
          if (provider !== 'csas' && res.ok && data?.access_token) {
            localStorage.setItem('token', data?.access_token);
            setHasToken(true);
          }
        } catch {}
        // Clean URL and go home regardless of result
        setProcessingCallback(false);
        window.history.replaceState({}, '', '/');
      })();
    }
    const onStorage = (e: StorageEvent) => {
      if (e.key === 'token') setHasToken(!!e.newValue);
    };
    window.addEventListener('storage', onStorage);
    return () => window.removeEventListener('storage', onStorage);
  }, []);
  if (processingCallback) {
    return (
      <div style={{ display: 'grid', placeItems: 'center', height: '100vh' }}>
        <div className="card" style={{ width: 360, textAlign: 'center', padding: 24 }}>
          <div style={{ display: 'flex', flexDirection: 'column', alignItems: 'center', gap: 12 }}>
            <svg width="48" height="48" viewBox="0 0 50 50" aria-label="Loading">
              <circle cx="25" cy="25" r="20" fill="none" stroke="#3b82f6" strokeWidth="5" strokeLinecap="round" strokeDasharray="31.4 31.4">
                <animateTransform attributeName="transform" type="rotate" from="0 25 25" to="360 25 25" dur="0.9s" repeatCount="indefinite" />
              </circle>
            </svg>
            <div>Finishing sign-in…</div>
            <div className="muted">Please wait</div>
          </div>
        </div>
      </div>
    );
  }
  if (!hasToken) {
    return <LoginRegisterPage onLoggedIn={() => setHasToken(true)} />;
  }
  return (
-    <Dashboard onLogout={() => { logout(); setHasToken(false); }} />
+    <>
-  );
+      <div>
        <a href="https://vite.dev" target="_blank">
          <img src={viteLogo} className="logo" alt="Vite logo" />
        </a>
        <a href="https://react.dev" target="_blank">
          <img src={reactLogo} className="logo react" alt="React logo" />
        </a>
      </div>
      <h1>Vite + React</h1>
      <div className="card">
        <button onClick={() => setCount((count) => count + 1)}>
          count is {count}
        </button>
        <p>
          Edit <code>src/App.tsx</code> and save to test HMR
        </p>
        <p style={{ fontSize: 12, color: '#888' }}>
          Backend URL: <code>{BACKEND_URL || '(not configured)'}</code>
        </p>
      </div>
      <p className="read-the-docs">
        Click on the Vite and React logos to learn more
      </p>
    </>
  )
 }
-export default App;
+export default App
--- a/7project/frontend/src/api.ts
+++ b/7project/frontend/src/api.ts
@@ -1,227 +0,0 @@
 import { BACKEND_URL } from './config';
 export type LoginResponse = {
  access_token: string;
  token_type: string;
 };
 export type Category = {
  id: number;
  name: string;
  description?: string | null;
 };
 export type Transaction = {
  id: number;
  amount: number;
  description?: string | null;
  category_ids: number[];
  date?: string | null; // ISO date (YYYY-MM-DD)
 };
 function getBaseUrl() {
  const base = BACKEND_URL?.replace(/\/$/, '') || '';
  return base || '';
 }
 function getHeaders(contentType: 'json' | 'form' | 'none' = 'json'): Record<string, string> {
  const token = localStorage.getItem('token');
  const headers: Record<string, string> = {};
  if (contentType === 'json') {
    headers['Content-Type'] = 'application/json';
  } else if (contentType === 'form') {
    headers['Content-Type'] = 'application/x-www-form-urlencoded';
  }
  if (token) {
    headers['Authorization'] = `Bearer ${token}`;
  }
  return headers;
 }
 export async function login(email: string, password: string): Promise<void> {
  const body = new URLSearchParams();
  body.set('username', email);
  body.set('password', password);
  const res = await fetch(`${getBaseUrl()}/auth/jwt/login`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: body.toString(),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Login failed');
  }
  const data: LoginResponse = await res.json();
  localStorage.setItem('token', data.access_token);
 }
 export async function register(email: string, password: string, first_name?: string, last_name?: string): Promise<void> {
  const res = await fetch(`${getBaseUrl()}/auth/register`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ email, password, first_name, last_name }),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Registration failed');
  }
 }
 export async function getCategories(): Promise<Category[]> {
  const res = await fetch(`${getBaseUrl()}/categories/`, {
    headers: getHeaders(),
  });
  if (!res.ok) throw new Error('Failed to load categories');
  return res.json();
 }
 export type CreateTransactionInput = {
  amount: number;
  description?: string;
  category_ids?: number[];
  date?: string; // YYYY-MM-DD
 };
 export async function createTransaction(input: CreateTransactionInput): Promise<Transaction> {
  const res = await fetch(`${getBaseUrl()}/transactions/create`, {
    method: 'POST',
    headers: getHeaders(),
    body: JSON.stringify(input),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Failed to create transaction');
  }
  return res.json();
 }
 export async function getTransactions(start_date?: string, end_date?: string): Promise<Transaction[]> {
  const params = new URLSearchParams();
  if (start_date) params.set('start_date', start_date);
  if (end_date) params.set('end_date', end_date);
  const qs = params.toString();
  const url = `${getBaseUrl()}/transactions/${qs ? `?${qs}` : ''}`;
  const res = await fetch(url, {
    headers: getHeaders(),
  });
  if (!res.ok) throw new Error('Failed to load transactions');
  return res.json();
 }
 export type User = {
  id: string;
  email: string;
  first_name?: string | null;
  last_name?: string | null;
  is_active: boolean;
  is_superuser: boolean;
  is_verified: boolean;
 };
 export async function getMe(): Promise<User> {
  const res = await fetch(`${getBaseUrl()}/users/me`, {
    headers: getHeaders(),
  });
  if (!res.ok) throw new Error('Failed to load user');
  return res.json();
 }
 export type UpdateMeInput = Partial<Pick<User, 'first_name' | 'last_name'>> & { password?: string };
 export async function updateMe(input: UpdateMeInput): Promise<User> {
  const res = await fetch(`${getBaseUrl()}/users/me`, {
    method: 'PATCH',
    headers: getHeaders(),
    body: JSON.stringify(input),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Failed to update user');
  }
  return res.json();
 }
 export async function deleteMe(): Promise<void> {
  const res = await fetch(`${getBaseUrl()}/users/me`, {
    method: 'DELETE',
    headers: getHeaders(),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Failed to delete account');
  }
 }
 export function logout() {
  localStorage.removeItem('token');
 }
 // Categories
 export type CreateCategoryInput = { name: string; description?: string };
 export async function createCategory(input: CreateCategoryInput): Promise<Category> {
  const res = await fetch(`${getBaseUrl()}/categories/create`, {
    method: 'POST',
    headers: getHeaders(),
    body: JSON.stringify(input),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Failed to create category');
  }
  return res.json();
 }
 export type UpdateCategoryInput = { name?: string; description?: string };
 export async function updateCategory(category_id: number, input: UpdateCategoryInput): Promise<Category> {
  const res = await fetch(`${getBaseUrl()}/categories/${category_id}`, {
    method: 'PATCH',
    headers: getHeaders(),
    body: JSON.stringify(input),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Failed to update category');
  }
  return res.json();
 }
 // Transactions update
 export type UpdateTransactionInput = {
  amount?: number;
  description?: string;
  date?: string;
  category_ids?: number[];
 };
 export async function updateTransaction(id: number, input: UpdateTransactionInput): Promise<Transaction> {
  const res = await fetch(`${getBaseUrl()}/transactions/${id}/edit`, {
    method: 'PATCH',
    headers: getHeaders(),
    body: JSON.stringify(input),
  });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Failed to update transaction');
  }
  return res.json();
 }
 // Balance series
 export type BalancePoint = { date: string; balance: number };
 export async function getBalanceSeries(start_date?: string, end_date?: string): Promise<BalancePoint[]> {
  const params = new URLSearchParams();
  if (start_date) params.set('start_date', start_date);
  if (end_date) params.set('end_date', end_date);
  const qs = params.toString();
  const url = `${getBaseUrl()}/transactions/balance_series${qs ? `?${qs}` : ''}`;
  const res = await fetch(url, { headers: getHeaders() });
  if (!res.ok) {
    const text = await res.text();
    throw new Error(text || 'Failed to load balance series');
  }
  return res.json();
 }
--- a/7project/frontend/src/appearance.ts
+++ b/7project/frontend/src/appearance.ts
@@ -1,38 +0,0 @@
 export type Theme = 'system' | 'light' | 'dark';
 export type FontSize = 'small' | 'medium' | 'large';
 const THEME_KEY = 'app_theme';
 const FONT_KEY = 'app_font_size';
 export function applyTheme(theme: Theme) {
  const body = document.body;
  const effective = theme === 'system' ? (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light') : theme;
  body.setAttribute('data-theme', effective);
 }
 export function applyFontSize(size: FontSize) {
  const root = document.documentElement;
  const map: Record<FontSize, string> = {
    small: '14px',
    medium: '18px',
    large: '22px',
  };
  root.style.fontSize = map[size];
 }
 export function saveAppearance(theme: Theme, size: FontSize) {
  localStorage.setItem(THEME_KEY, theme);
  localStorage.setItem(FONT_KEY, size);
 }
 export function loadAppearance(): { theme: Theme; size: FontSize } {
  const theme = (localStorage.getItem(THEME_KEY) as Theme) || 'light';
  const size = (localStorage.getItem(FONT_KEY) as FontSize) || 'medium';
  return { theme, size };
 }
 export function applyAppearanceFromStorage() {
  const { theme, size } = loadAppearance();
  applyTheme(theme);
  applyFontSize(size);
 }
--- a/7project/frontend/src/main.tsx
+++ b/7project/frontend/src/main.tsx
@@ -1,11 +1,7 @@
 import { StrictMode } from 'react'
 import { createRoot } from 'react-dom/client'
 import './index.css'
 import './ui.css'
 import App from './App.tsx'
 import { applyAppearanceFromStorage } from './appearance'
 applyAppearanceFromStorage()
 createRoot(document.getElementById('root')!).render(
  <StrictMode>
--- a/7project/frontend/src/pages/AccountPage.tsx
+++ b/7project/frontend/src/pages/AccountPage.tsx
@@ -1,87 +0,0 @@
 import { useEffect, useState } from 'react';
 import { deleteMe, getMe, type UpdateMeInput, type User, updateMe } from '../api';
 export default function AccountPage({ onDeleted }: { onDeleted: () => void }) {
  const [user, setUser] = useState<User | null>(null);
  const [firstName, setFirstName] = useState('');
  const [lastName, setLastName] = useState('');
  const [loading, setLoading] = useState(true);
  const [saving, setSaving] = useState(false);
  const [error, setError] = useState<string | null>(null);
  useEffect(() => {
    (async () => {
      try {
        const u = await getMe();
        setUser(u);
        setFirstName(u.first_name || '');
        setLastName(u.last_name || '');
      } catch (e: any) {
        setError(e?.message || 'Failed to load account');
      } finally {
        setLoading(false);
      }
    })();
  }, []);
  async function handleSave(e: React.FormEvent) {
    e.preventDefault();
    setSaving(true);
    setError(null);
    try {
      const payload: UpdateMeInput = { first_name: firstName || null as any, last_name: lastName || null as any };
      const updated = await updateMe(payload);
      setUser(updated);
    } catch (e: any) {
      setError(e?.message || 'Failed to update');
    } finally {
      setSaving(false);
    }
  }
  async function handleDelete() {
    if (!confirm('Are you sure you want to delete your account? This cannot be undone.')) return;
    try {
      await deleteMe();
      onDeleted();
    } catch (e: any) {
      alert(e?.message || 'Failed to delete account');
    }
  }
  return (
    <section className="card">
      <h3>Account</h3>
      {loading ? (
        <div>Loading…</div>
      ) : error ? (
        <div style={{ color: 'crimson' }}>{error}</div>
      ) : !user ? (
        <div>Not signed in</div>
      ) : (
        <div className="space-y">
          <div className="muted">Email: <strong>{user.email}</strong></div>
          <form onSubmit={handleSave} className="space-y">
            <div className="form-row">
              <div>
                <label className="muted">First name</label>
                <input className="input" value={firstName} onChange={(e) => setFirstName(e.target.value)} />
              </div>
              <div>
                <label className="muted">Last name</label>
                <input className="input" value={lastName} onChange={(e) => setLastName(e.target.value)} />
              </div>
            </div>
            <div className="actions" style={{ justifyContent: 'flex-end' }}>
              <button className="btn primary" type="submit" disabled={saving}>{saving ? 'Saving…' : 'Save changes'}</button>
            </div>
          </form>
          <div className="actions" style={{ justifyContent: 'space-between' }}>
            <div className="muted"></div>
            <button className="btn" style={{ borderColor: 'crimson', color: 'crimson' }} onClick={handleDelete}>Delete account</button>
          </div>
        </div>
      )}
    </section>
  );
 }
--- a/7project/frontend/src/pages/AppearancePage.tsx
+++ b/7project/frontend/src/pages/AppearancePage.tsx
@@ -1,49 +0,0 @@
 import { useEffect, useState } from 'react';
 import { applyFontSize, applyTheme, loadAppearance, saveAppearance, type FontSize, type Theme } from '../appearance';
 export default function AppearancePage() {
  const [theme, setTheme] = useState<Theme>('light');
  const [size, setSize] = useState<FontSize>('medium');
  useEffect(() => {
    const { theme, size } = loadAppearance();
    setTheme(theme);
    setSize(size);
  }, []);
  function onThemeChange(next: Theme) {
    setTheme(next);
    applyTheme(next);
    saveAppearance(next, size);
  }
  function onSizeChange(next: FontSize) {
    setSize(next);
    applyFontSize(next);
    saveAppearance(theme, next);
  }
  return (
    <section className="card">
      <h3>Appearance</h3>
      <div className="space-y">
        <div>
          <div className="muted" style={{ marginBottom: 6 }}>Theme</div>
          <div className="segmented">
            <button className={theme === 'light' ? 'active' : ''} onClick={() => onThemeChange('light')}>Light</button>
            <button className={theme === 'dark' ? 'active' : ''} onClick={() => onThemeChange('dark')}>Dark</button>
            <button className={theme === 'system' ? 'active' : ''} onClick={() => onThemeChange('system')}>System</button>
          </div>
        </div>
        <div>
          <div className="muted" style={{ marginBottom: 6 }}>Font size</div>
          <div className="segmented">
            <button className={size === 'small' ? 'active' : ''} onClick={() => onSizeChange('small')}>Small</button>
            <button className={size === 'medium' ? 'active' : ''} onClick={() => onSizeChange('medium')}>Medium</button>
            <button className={size === 'large' ? 'active' : ''} onClick={() => onSizeChange('large')}>Large</button>
          </div>
        </div>
      </div>
    </section>
  );
 }
--- a/7project/frontend/src/pages/BalanceChart.tsx
+++ b/7project/frontend/src/pages/BalanceChart.tsx
@@ -1,46 +0,0 @@
 // src/BalanceChart.tsx
 import { LineChart, Line, XAxis, YAxis, CartesianGrid, Tooltip, Legend, ResponsiveContainer } from 'recharts';
 import { type BalancePoint } from '../api';
 function formatAmount(n: number) {
  return new Intl.NumberFormat(undefined, { minimumFractionDigits: 2, maximumFractionDigits: 2 }).format(n);
 }
 function formatDate(dateStr: string) {
  return new Date(dateStr).toLocaleDateString(undefined, { month: 'short', day: 'numeric' });
 }
 export default function BalanceChart({ data }: { data: BalancePoint[] }) {
  if (data.length === 0) {
    return <div>No data to display</div>;
  }
  return (
    <ResponsiveContainer width="100%" height={300}>
      <LineChart
        data={data}
        // Increased 'left' margin to create more space for the Y-axis label and tick values
        margin={{ top: 5, right: 30, left: 50, bottom: 5 }} // <-- Change this line
      >
        <CartesianGrid strokeDasharray="3 3" />
        <XAxis
          dataKey="date"
          tickFormatter={formatDate}
          label={{ value: 'Date', position: 'insideBottom', offset: -5 }}
        />
        <YAxis
          tickFormatter={(value) => formatAmount(value as number)}
          // Adjusted 'offset' for the Y-axis label.
          // A negative offset moves it further away from the axis.
          label={{ value: 'Balance', angle: -90, position: 'insideLeft', offset: -30 }} // <-- Change this line
        />
        <Tooltip
          labelFormatter={formatDate}
          formatter={(value) => [formatAmount(value as number), 'Balance']}
        />
        <Legend />
        <Line type="monotone" dataKey="balance" stroke="#3b82f6" strokeWidth={2} activeDot={{ r: 8 }} />
      </LineChart>
    </ResponsiveContainer>
  );
 }
--- a/7project/frontend/src/pages/CategoryPieChart.tsx
+++ b/7project/frontend/src/pages/CategoryPieChart.tsx
@@ -1,100 +0,0 @@
 // src/CategoryPieCharts.tsx (renamed from CategoryPieChart.tsx)
 import { useMemo } from 'react';
 import { PieChart, Pie, Cell, Tooltip, Legend, ResponsiveContainer } from 'recharts';
 import { type Transaction, type Category } from '../api';
 const COLORS = ['#0088FE', '#00C49F', '#FFBB28', '#FF8042', '#AF19FF', '#FF4242', '#8884d8', '#82ca9d'];
 // Helper component for a single pie chart
 function SinglePieChart({ data, title }: { data: { name: string; value: number }[]; title: string }) {
  if (data.length === 0) {
    return (
      <div style={{ flex: 1, textAlign: 'center' }}>
        <h4>{title}</h4>
        <div>No data to display.</div>
      </div>
    );
  }
    return (
    <div style={{ flex: 1 }}>
      <h4>{title}</h4>
      <ResponsiveContainer width="100%" height={300}>
        <PieChart>
          <Pie
            data={data}
            cx="50%"
            cy="50%"
            labelLine={false}
            outerRadius={80}
            fill="#8884d8"
            dataKey="value"
            nameKey="name"
            label={(props: any) => `${props.name} ${(props.percent * 100).toFixed(0)}%`}
          >
            {data.map((_entry, index) => (
              <Cell key={`cell-${index}`} fill={COLORS[index % COLORS.length]} />
            ))}
          </Pie>
          <Tooltip formatter={(value) => new Intl.NumberFormat(undefined, { style: 'currency', currency: 'USD' }).format(value as number)} />
          <Legend />
        </PieChart>
      </ResponsiveContainer>
    </div>
  );
 }
 export default function CategoryPieCharts({ transactions, categories }: { transactions: Transaction[], categories: Category[] }) {
  // Calculate expenses data
  const expensesData = useMemo(() => {
    const spendingMap = new Map<number, number>();
    transactions.forEach(tx => {
      // Expenses are typically negative amounts in your system
      if (tx.amount < 0 && tx.category_ids.length > 0) {
        tx.category_ids.forEach(catId => {
          // Use absolute value for display on chart
          spendingMap.set(catId, (spendingMap.get(catId) || 0) + Math.abs(tx.amount));
        });
      }
    });
    return Array.from(spendingMap.entries())
      .map(([categoryId, total]) => ({
        name: categories.find(c => c.id === categoryId)?.name || `Category #${categoryId}`,
        value: total,
      }))
      .sort((a, b) => b.value - a.value); // Sort descending
  }, [transactions, categories]);
  // Calculate earnings data
  const earningsData = useMemo(() => {
    const incomeMap = new Map<number, number>();
    transactions.forEach(tx => {
      // Earnings are typically positive amounts in your system
      if (tx.amount > 0 && tx.category_ids.length > 0) {
        tx.category_ids.forEach(catId => {
          incomeMap.set(catId, (incomeMap.get(catId) || 0) + tx.amount);
        });
      }
    });
    return Array.from(incomeMap.entries())
      .map(([categoryId, total]) => ({
        name: categories.find(c => c.id === categoryId)?.name || `Category #${categoryId}`,
        value: total,
      }))
      .sort((a, b) => b.value - a.value); // Sort descending
  }, [transactions, categories]);
  return (
    <div style={{ display: 'flex', flexWrap: 'wrap', gap: '20px', justifyContent: 'center' }}>
      <SinglePieChart data={expensesData} title="Expenses by Category" />
      <SinglePieChart data={earningsData} title="Earnings by Category" />
    </div>
  );
 }
--- a/7project/frontend/src/pages/Dashboard.tsx
+++ b/7project/frontend/src/pages/Dashboard.tsx
@@ -1,385 +0,0 @@
 import { useEffect, useMemo, useState } from 'react';
 import { type Category, type Transaction, type BalancePoint, createTransaction, getCategories, getTransactions, createCategory, updateTransaction, getBalanceSeries } from '../api';
 import AccountPage from './AccountPage';
 import AppearancePage from './AppearancePage';
 import BalanceChart from './BalanceChart';
 import CategoryPieChart from './CategoryPieChart';
 import MockBankModal, { type MockGenerationOptions } from './MockBankModal';
 import { BACKEND_URL } from '../config';
 function formatAmount(n: number) {
  return new Intl.NumberFormat(undefined, { minimumFractionDigits: 2, maximumFractionDigits: 2 }).format(n);
 }
 export default function Dashboard({ onLogout }: { onLogout: () => void }) {
  const [current, setCurrent] = useState<'home' | 'account' | 'appearance'>('home');
  const [transactions, setTransactions] = useState<Transaction[]>([]);
  const [categories, setCategories] = useState<Category[]>([]);
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState<string | null>(null);
  const [isMockModalOpen, setMockModalOpen] = useState(false);
  const [isGenerating, setIsGenerating] = useState(false);
  // Start CSAS (George) OAuth after login
  async function startOauthCsas() {
    const base = BACKEND_URL.replace(/\/$/, '');
    const url = `${base}/auth/csas/authorize`;
    try {
      const token = localStorage.getItem('token');
      const res = await fetch(url, {
        credentials: 'include',
        headers: token ? { Authorization: `Bearer ${token}` } : undefined,
      });
      const data = await res.json();
      if (data && typeof data.authorization_url === 'string') {
        window.location.assign(data.authorization_url);
      } else {
        alert('Cannot start CSAS OAuth.');
      }
    } catch (e) {
      alert('Cannot start CSAS OAuth.');
    }
  }
  // New transaction form state
  const [amount, setAmount] = useState<string>('');
  const [description, setDescription] = useState('');
  const [selectedCategoryId, setSelectedCategoryId] = useState<number | ''>('');
  // Filters
  const [minAmount, setMinAmount] = useState<string>('');
  const [maxAmount, setMaxAmount] = useState<string>('');
  const [filterCategoryId, setFilterCategoryId] = useState<number | ''>('');
  const [searchText, setSearchText] = useState('');
  // Date-range filter
  const [startDate, setStartDate] = useState<string>(''); // YYYY-MM-DD
  const [endDate, setEndDate] = useState<string>('');
  // Pagination over filtered transactions (20 per page), 0 = latest (most recent)
  const pageSize = 20;
  const [page, setPage] = useState<number>(0);
  // Balance chart series for current date filter
  const [balanceSeries, setBalanceSeries] = useState<BalancePoint[]>([]);
  // Category creation form
  const [newCatName, setNewCatName] = useState('');
  const [newCatDesc, setNewCatDesc] = useState('');
  // New transaction date
  const [txDate, setTxDate] = useState<string>('');
  // Inline edit state for transaction categories
  const [editingTxId, setEditingTxId] = useState<number | null>(null);
  const [editingCategoryIds, setEditingCategoryIds] = useState<number[]>([]);
  async function loadAll() {
    setLoading(true);
    setError(null);
    try {
      const [txs, cats, series] = await Promise.all([
        getTransactions(startDate || undefined, endDate || undefined),
        getCategories(),
        getBalanceSeries(startDate || undefined, endDate || undefined),
      ]);
      setTransactions(txs);
      setCategories(cats);
      setBalanceSeries(series);
      // reset paging to most recent
      setPage(0);
    } catch (err: any) {
      setError(err?.message || 'Failed to load data');
    } finally {
      setLoading(false);
    }
  }
  async function handleGenerateMockTransactions(options: MockGenerationOptions) {
    setIsGenerating(true);
    setMockModalOpen(false);
    const { count, minAmount, maxAmount, startDate, endDate, categoryIds } = options;
    const newTransactions: Transaction[] = [];
    const startDateTime = new Date(startDate).getTime();
    const endDateTime = new Date(endDate).getTime();
    for (let i = 0; i < count; i++) {
      // Generate random data based on user input
      const amount = parseFloat((Math.random() * (maxAmount - minAmount) + minAmount).toFixed(2));
      const randomTime = Math.random() * (endDateTime - startDateTime) + startDateTime;
      const date = new Date(randomTime);
      const dateString = date.toISOString().split('T')[0];
      const randomCategory = categoryIds.length > 0
        ? [categoryIds[Math.floor(Math.random() * categoryIds.length)]]
        : [];
      const payload = {
        amount,
        date: dateString,
        category_ids: randomCategory,
      };
      try {
        const created = await createTransaction(payload);
        newTransactions.push(created);
      } catch (err) {
        console.error("Failed to create mock transaction:", err);
        alert('An error occurred while generating transactions. Check the console.');
        break;
      }
    }
    setIsGenerating(false);
    alert(`${newTransactions.length} mock transactions were successfully generated!`);
    await loadAll();
  }
  useEffect(() => { loadAll(); }, [startDate, endDate]);
  const filtered = useMemo(() => {
    let arr = [...transactions];
    const min = minAmount !== '' ? Number(minAmount) : undefined;
    const max = maxAmount !== '' ? Number(maxAmount) : undefined;
    if (min !== undefined) arr = arr.filter(t => t.amount >= min);
    if (max !== undefined) arr = arr.filter(t => t.amount <= max);
    if (filterCategoryId !== '') arr = arr.filter(t => t.category_ids.includes(filterCategoryId as number));
    if (searchText.trim()) arr = arr.filter(t => (t.description || '').toLowerCase().includes(searchText.toLowerCase()));
    return arr;
  }, [transactions, minAmount, maxAmount, filterCategoryId, searchText]);
  const sortedDesc = useMemo(() => {
    return [...filtered].sort((a, b) => {
      const ad = (a.date || '') > (b.date || '') ? 1 : (a.date || '') < (b.date || '') ? -1 : 0;
      if (ad !== 0) return -ad; // date desc
      return b.id - a.id; // fallback id desc
    });
  }, [filtered]);
  const totalPages = Math.ceil(sortedDesc.length / pageSize);
  const pageStart = page * pageSize;
  const pageEnd = pageStart + pageSize;
  const visible = sortedDesc.slice(pageStart, pageEnd);
  function categoryNameById(id: number) { return categories.find(c => c.id === id)?.name || `#${id}`; }
  async function handleCreate(e: React.FormEvent) {
    e.preventDefault();
    if (!amount) return;
    const payload = {
      amount: Number(amount),
      description: description || undefined,
      category_ids: selectedCategoryId !== '' ? [Number(selectedCategoryId)] : undefined,
      date: txDate || undefined,
    };
    try {
      const created = await createTransaction(payload);
      setTransactions(prev => [created, ...prev]);
      setAmount(''); setDescription(''); setSelectedCategoryId(''); setTxDate('');
    } catch (err: any) {
      alert(err?.message || 'Failed to create transaction');
    }
  }
  function beginEditCategories(t: Transaction) {
    setEditingTxId(t.id);
    setEditingCategoryIds([...(t.category_ids || [])]);
  }
  function cancelEditCategories() {
    setEditingTxId(null);
    setEditingCategoryIds([]);
  }
  async function saveEditCategories() {
    if (editingTxId == null) return;
    try {
      const updated = await updateTransaction(editingTxId, { category_ids: editingCategoryIds });
      setTransactions(prev => prev.map(p => (p.id === updated.id ? updated : p)));
      cancelEditCategories();
    } catch (err: any) {
      alert(err?.message || 'Failed to update transaction categories');
    }
  }
  return (
    <div className="app-layout">
      <aside className="sidebar">
        <div className="logo">7Project</div>
        <nav className="nav">
          <button className={current === 'home' ? 'active' : ''} onClick={() => setCurrent('home')}>Home</button>
          <button className={current === 'account' ? 'active' : ''} onClick={() => setCurrent('account')}>Account</button>
          <button className={current === 'appearance' ? 'active' : ''} onClick={() => setCurrent('appearance')}>Appearance</button>
        </nav>
      </aside>
      <div className="content">
        <div className="topbar">
          <h2 style={{ margin: 0 }}>{current === 'home' ? 'Dashboard' : current === 'account' ? 'Account' : 'Appearance'}</h2>
          <div className="actions">
            <span className="user muted">Signed in</span>
            <button className="btn" onClick={onLogout}>Logout</button>
          </div>
        </div>
        <main className="page space-y">
          {current === 'home' && (
            <>
              <section className="card space-y">
                  <h3>Bank connections</h3>
                  <div className="connection-row">
                    <p className="muted" style={{ margin: 0 }}>Connect your CSAS (George) account.</p>
                    <button className="btn primary" onClick={startOauthCsas}>Connect CSAS (George)</button>
                  </div>
                  <div className="connection-row">
                    <p className="muted" style={{ margin: 0 }}>Generate data from a mock bank.</p>
                    <button className="btn primary" onClick={() => setMockModalOpen(true)}>Connect Mock Bank</button>
                  </div>
              </section>
              <section className="card">
                <h3>Add Transaction</h3>
                <form onSubmit={handleCreate} className="form-row">
                  <input className="input" type="number" step="0.01" placeholder="Amount" value={amount} onChange={(e) => setAmount(e.target.value)} required />
                  <input className="input" type="date" placeholder="Date (optional)" value={txDate} onChange={(e) => setTxDate(e.target.value)} />
                  <input className="input" type="text" placeholder="Description (optional)" value={description} onChange={(e) => setDescription(e.target.value)} />
                  <select className="input" value={selectedCategoryId} onChange={(e) => setSelectedCategoryId(e.target.value ? Number(e.target.value) : '')}>
                    <option value="">No category</option>
                    {categories.map(c => (<option key={c.id} value={c.id}>{c.name}</option>))}
                  </select>
                  <button className="btn primary" type="submit">Add</button>
                </form>
              </section>
              <section className="card">
                <h3>Categories</h3>
                <form className="form-row" onSubmit={async (e) => { e.preventDefault(); if (!newCatName.trim()) return; try { const cat = await createCategory({ name: newCatName.trim(), description: newCatDesc || undefined }); setCategories(prev => [...prev, cat]); setNewCatName(''); setNewCatDesc(''); } catch (err: any) { alert(err?.message || 'Failed to create category'); } }}>
                  <input className="input" type="text" placeholder="New category name" value={newCatName} onChange={(e) => setNewCatName(e.target.value)} />
                  <input className="input" type="text" placeholder="Description (optional)" value={newCatDesc} onChange={(e) => setNewCatDesc(e.target.value)} />
                  <button className="btn primary" type="submit">Create category</button>
                </form>
              </section>
              <section className="card">
                <h3>Filters</h3>
                <div className="form-row" style={{ gap: 8, flexWrap: 'wrap' }}>
                  <input className="input" type="date" placeholder="Start date" value={startDate} onChange={(e) => setStartDate(e.target.value)} />
                  <input className="input" type="date" placeholder="End date" value={endDate} onChange={(e) => setEndDate(e.target.value)} />
                  <input className="input" type="number" step="0.01" placeholder="Min amount" value={minAmount} onChange={(e) => setMinAmount(e.target.value)} />
                  <input className="input" type="number" step="0.01" placeholder="Max amount" value={maxAmount} onChange={(e) => setMaxAmount(e.target.value)} />
                  <select className="input" value={filterCategoryId} onChange={(e) => setFilterCategoryId(e.target.value ? Number(e.target.value) : '')}>
                    <option value="">All categories</option>
                    {categories.map(c => (<option key={c.id} value={c.id}>{c.name}</option>))}
                  </select>
                  <input className="input" type="text" placeholder="Search in description" value={searchText} onChange={(e) => setSearchText(e.target.value)} />
                </div>
              </section>
              <section className="card">
                <h3>Balance over time</h3>
                {loading ? (
                  <div>Loading…</div>
                ) : error ? (
                  <div style={{ color: 'crimson' }}>{error}</div>
                ) : (
                  <BalanceChart data={balanceSeries} />
                )}
              </section>
              {/* 3. Add the new section for the Category Pie Chart */}
              <section className="card">
                {loading ? (
                  <div>Loading…</div>
                ) : error ? (
                  <div style={{ color: 'crimson' }}>{error}</div>
                ) : (
                  // Pass the filtered transactions to see the breakdown for the current view
                  <CategoryPieChart transactions={filtered} categories={categories} />
                )}
              </section>
              <section className="card">
                <h3>Transactions</h3>
                {loading ? (
                  <div>Loading…</div>
                ) : error ? (
                  <div style={{ color: 'crimson' }}>{error}</div>
                ) : filtered.length === 0 ? (
                  <div>No transactions</div>
                ) : (
                  <>
                    <div className="table-controls">
                      <div className="muted">
                        Showing {visible.length} of {filtered.length} (page {Math.min(page + 1, Math.max(1, totalPages))}/{Math.max(1, totalPages)})
                      </div>
                      <div className="actions">
                        <button className="btn primary" disabled={page <= 0} onClick={() => setPage(p => Math.max(0, p - 1))}>Previous</button>
                        <button className="btn primary" disabled={page >= totalPages - 1} onClick={() => setPage(p => Math.min(totalPages - 1, p + 1))}>Next</button>
                      </div>
                    </div>
                    <table className="table">
                      <thead>
                        <tr>
                          <th>Date</th>
                          <th style={{ textAlign: 'right' }}>Amount</th>
                          <th>Description</th>
                          <th>Categories</th>
                        </tr>
                      </thead>
                      <tbody>
                        {visible.map(t => (
                          <tr key={t.id}>
                            <td>{t.date || ''}</td>
                            <td className="amount">{formatAmount(t.amount)}</td>
                            <td>{t.description || ''}</td>
                            <td>
                              {editingTxId === t.id ? (
                                <div className="space-y" style={{ display: 'flex', alignItems: 'center', gap: 8 }}>
                                  <select multiple className="input" value={editingCategoryIds.map(String)} onChange={(e) => {
                                    const opts = Array.from(e.currentTarget.selectedOptions).map(o => Number(o.value));
                                    setEditingCategoryIds(opts);
                                  }}>
                                    {categories.map(c => (
                                      <option key={c.id} value={c.id}>{c.name}</option>
                                    ))}
                                  </select>
                                  <button className="btn small" onClick={saveEditCategories}>Save</button>
                                    <button className="btn small" onClick={cancelEditCategories}>Cancel</button>
                                </div>
                              ) : (
                                <div className="space-x" style={{ display: 'flex', alignItems: 'center', gap: 8, justifyContent: 'space-between' }}>
                                  <span>{t.category_ids.map(id => categoryNameById(id)).join(', ') || '—'}</span>
                                  <button className="btn small" onClick={() => beginEditCategories(t)}>Change</button>
                                </div>
                              )}
                            </td>
                          </tr>
                        ))}
                      </tbody>
                    </table>
                  </>
                )}
              </section>
            </>
          )}
          {current === 'account' && (
            // lazy import avoided for simplicity
            <AccountPage onDeleted={onLogout} />
          )}
          {current === 'appearance' && (
            <AppearancePage />
          )}
        </main>
      </div>
        <MockBankModal
          isOpen={isMockModalOpen}
          isGenerating={isGenerating}
          categories={categories}
          onClose={() => setMockModalOpen(false)}
          onGenerate={handleGenerateMockTransactions}
        />
    </div>
  );
 }
--- a/7project/frontend/src/pages/LoginRegisterPage.tsx
+++ b/7project/frontend/src/pages/LoginRegisterPage.tsx
@@ -1,107 +0,0 @@
 import { useState, useEffect } from 'react';
 import { login, register } from '../api';
 import { BACKEND_URL } from '../config';
 // Minimal helper to start OAuth: fetch authorization_url and redirect
 async function startOauth(provider: 'mojeid' | 'bankid') {
  const base = BACKEND_URL.replace(/\/$/, '');
  const url = `${base}/auth/${provider}/authorize`;
  try {
    const res = await fetch(url, { credentials: 'include' });
    const data = await res.json();
    if (data && typeof data.authorization_url === 'string') {
      window.location.assign(data.authorization_url);
    } else {
      alert('Cannot start OAuth.');
    }
  } catch (e) {
    alert('Cannot start OAuth.');
  }
 }
 export default function LoginRegisterPage({ onLoggedIn }: { onLoggedIn: () => void }) {
  const [mode, setMode] = useState<'login' | 'register'>('login');
  const [email, setEmail] = useState('');
  const [password, setPassword] = useState('');
  const [firstName, setFirstName] = useState('');
  const [lastName, setLastName] = useState('');
  const [loading, setLoading] = useState(false);
  const [error, setError] = useState<string | null>(null);
  async function handleSubmit(e: React.FormEvent) {
    e.preventDefault();
    setLoading(true);
    setError(null);
    try {
      if (mode === 'login') {
        await login(email, password);
        onLoggedIn();
      } else {
        await register(email, password, firstName || undefined, lastName || undefined);
        // After register, prompt login automatically
        await login(email, password);
        onLoggedIn();
      }
    } catch (err: any) {
      setError(err?.message || 'Operation failed');
    } finally {
      setLoading(false);
    }
  }
  // Add this useEffect hook
  useEffect(() => {
    // When the component mounts, add a class to the body
    document.body.classList.add('auth-page');
    // When the component unmounts, remove the class
    return () => {
      document.body.classList.remove('auth-page');
    };
  }, []); // The empty array ensures this runs only once
  // The JSX no longer needs the wrapper div
  return (
    <div className="card" style={{ width: 420 }}>
      <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', marginBottom: 12 }}>
        <h2 style={{ margin: 0 }}>{mode === 'login' ? 'Welcome back' : 'Create your account'}</h2>
        <div className="segmented">
          <button className={mode === 'login' ? 'active' : ''} type="button" onClick={() => setMode('login')}>Login</button>
          <button className={mode === 'register' ? 'active' : ''} type="button" onClick={() => setMode('register')}>Register</button>
        </div>
      </div>
      <form onSubmit={handleSubmit} className="space-y">
        <div>
            <label className="muted">Email</label>
            <input className="input" type="email" required value={email} onChange={(e) => setEmail(e.target.value)} />
          </div>
          <div>
            <label className="muted">Password</label>
            <input className="input" type="password" required value={password} onChange={(e) => setPassword(e.target.value)} />
          </div>
          {mode === 'register' && (
            <div className="form-row">
              <div>
                <label className="muted">First name (optional)</label>
                <input className="input" type="text" value={firstName} onChange={(e) => setFirstName(e.target.value)} />
              </div>
              <div>
                <label className="muted">Last name (optional)</label>
                <input className="input" type="text" value={lastName} onChange={(e) => setLastName(e.target.value)} />
              </div>
            </div>
          )}
          {error && <div style={{ color: 'crimson' }}>{error}</div>}
          <div className="actions" style={{ justifyContent: 'space-between' }}>
            <div className="muted">Or continue with</div>
            <div className="actions">
              <button type="button" className="btn" onClick={() => startOauth('mojeid')}>MojeID</button>
              <button type="button" className="btn" onClick={() => startOauth('bankid')}>BankID</button>
              <button className="btn primary" type="submit" disabled={loading}>{loading ? 'Please wait…' : (mode === 'login' ? 'Login' : 'Register')}</button>
            </div>
          </div>
      </form>
    </div>
  );
 }
--- a/7project/frontend/src/pages/MockBankModal.tsx
+++ b/7project/frontend/src/pages/MockBankModal.tsx
@@ -1,100 +0,0 @@
 // src/MockBankModal.tsx
 import { useState } from 'react';
 import { type Category } from '../api';
 // Define the shape of the generation options
 export interface MockGenerationOptions {
  count: number;
  minAmount: number;
  maxAmount: number;
  startDate: string;
  endDate: string;
  categoryIds: number[];
 }
 interface MockBankModalProps {
  isOpen: boolean;
  isGenerating: boolean;
  categories: Category[]; // Pass in available categories
  onClose: () => void;
  onGenerate: (options: MockGenerationOptions) => void;
 }
 export default function MockBankModal({ isOpen, isGenerating, categories, onClose, onGenerate }: MockBankModalProps) {
  // State for all the new form fields
  const [count, setCount] = useState('10');
  const [minAmount, setMinAmount] = useState('-200');
  const [maxAmount, setMaxAmount] = useState('200');
  const [startDate, setStartDate] = useState(() => new Date(Date.now() - 365 * 24 * 60 * 60 * 1000).toISOString().split('T')[0]); // Default to one year ago
  const [endDate, setEndDate] = useState(() => new Date().toISOString().split('T')[0]); // Default to today
  const [selectedCategoryIds, setSelectedCategoryIds] = useState<string[]>([]);
  if (!isOpen) return null;
  function handleGenerateClick() {
    const parsedCount = parseInt(count, 10);
    const parsedMinAmount = parseFloat(minAmount);
    const parsedMaxAmount = parseFloat(maxAmount);
    const parsedStartDate = new Date(startDate);
    const parsedEndDate = new Date(endDate);
    // Validation
    if (
      isNaN(parsedCount) || parsedCount <= 0 ||
      isNaN(parsedMinAmount) || isNaN(parsedMaxAmount) ||
      parsedMaxAmount < parsedMinAmount ||
      isNaN(parsedStartDate.getTime()) || isNaN(parsedEndDate.getTime()) ||
      parsedEndDate < parsedStartDate
    ) {
      alert(
        "Please ensure:\n" +
        "- Count is a positive number\n" +
        "- Min and Max Amount are valid numbers, and Max >= Min\n" +
        "- Start and End Date are valid, and End Date >= Start Date"
      );
      return;
    }
    const options: MockGenerationOptions = {
      count: parsedCount,
      minAmount: parsedMinAmount,
      maxAmount: parsedMaxAmount,
      startDate,
      endDate,
      categoryIds: selectedCategoryIds.map(Number),
    };
    onGenerate(options);
  }
  return (
    <div className="modal-overlay" onClick={onClose}>
      <div className="modal-content" onClick={(e) => e.stopPropagation()}>
        <h3>Generate Mock Transactions</h3>
        <p className="muted">
          Customize the random transactions you'd like to import.
        </p>
        <div className="space-y">
          <input className="input" type="number" value={count} onChange={(e) => setCount(e.target.value)} placeholder="Number of transactions" />
          <div className="form-row" style={{ gridTemplateColumns: '1fr 1fr' }}>
            <input className="input" type="number" value={minAmount} onChange={(e) => setMinAmount(e.target.value)} placeholder="Min amount" />
            <input className="input" type="number" value={maxAmount} onChange={(e) => setMaxAmount(e.target.value)} placeholder="Max amount" />
          </div>
          <div className="form-row" style={{ gridTemplateColumns: '1fr 1fr' }}>
            <input className="input" type="date" value={startDate} onChange={(e) => setStartDate(e.target.value)} placeholder="Earliest date" />
            <input className="input" type="date" value={endDate} onChange={(e) => setEndDate(e.target.value)} placeholder="Latest date" />
          </div>
          <select multiple className="input" style={{ height: '120px' }} value={selectedCategoryIds} onChange={(e) => setSelectedCategoryIds(Array.from(e.target.selectedOptions, option => option.value))}>
            {categories.map(c => (<option key={c.id} value={c.id}>{c.name}</option>))}
          </select>
        </div>
        <div className="actions" style={{ justifyContent: 'flex-end', marginTop: '16px' }}>
          <button className="btn" onClick={onClose} disabled={isGenerating}>Cancel</button>
          <button className="btn primary" onClick={handleGenerateClick} disabled={isGenerating}>
            {isGenerating ? 'Generating...' : `Generate Transactions`}
          </button>
        </div>
      </div>
    </div>
  );
 }
--- a/7project/frontend/src/ui.css
+++ b/7project/frontend/src/ui.css
@@ -1,153 +0,0 @@
 :root {
  --bg: #f7f7fb;
  --panel: #ffffff;
  --text: #9aa3b2;
  --muted: #6b7280;
  --primary: #6f49fe;
  --primary-600: #5a37fb;
  --border: #e5e7eb;
  --radius: 12px;
  --shadow: 0 1px 2px rgba(0,0,0,0.04), 0 8px 24px rgba(0,0,0,0.08);
  font-family: Inter, ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, Helvetica, Arial, "Apple Color Emoji", "Segoe UI Emoji";
  color: var(--text);
 }
 * { box-sizing: border-box; }
 html, body, #root { height: 100%; }
 body { background: var(--bg); margin: 0; display: block; }
 /* Dark theme variables */
 body[data-theme="dark"] {
  --bg: #161a2b;
  --panel: #283046;
  --text: #283046;
  --muted: #cbd5e1;
  --primary: #8b7bff;
  --primary-600: #7b69ff;
  --border: #283046;
 }
 /* Layout */
 .app-layout { display: grid; grid-template-columns: 260px 1fr; height: 100vh; }
 .sidebar { background: #15172a; color: #e5e7eb; display: flex; flex-direction: column; padding: 20px 12px; }
 .sidebar .logo { color: #fff; font-weight: 700; font-size: 18px; padding: 12px 14px; display: flex; align-items: center; gap: 10px; }
 .nav { margin-top: 12px; display: grid; gap: 4px; }
 .nav a, .nav button { color: #cbd5e1; text-align: left; background: transparent; border: 0; padding: 10px 12px; border-radius: 8px; cursor: pointer; }
 .nav a.active, .nav a:hover, .nav button:hover { background: rgba(255,255,255,0.08); color: #fff; }
 .content { display: flex; flex-direction: column; overflow-y: auto; }
 .topbar { height: 64px; display: flex; flex-shrink: 0; align-items: center; justify-content: space-between; padding: 0 24px; background: var(--panel); border-bottom: 1px solid var(--border); }
 .topbar .user { color: var(--muted); }
 .page { padding: 24px; }
 /* Cards */
 .card { background: var(--panel); border: 1px solid var(--border); border-radius: var(--radius); box-shadow: var(--shadow); padding: 16px; }
 .card h3 { margin: 0 0 12px; }
 /* Forms */
 .input, select, textarea {
  width: 100%;
  padding: 10px 12px;
  border-radius: 10px;
  border: 1px solid var(--border);
  background-color: var(--panel);
  color: var(--muted);
  /* Add these properties specifically for the select element */
  -webkit-appearance: none;
  -moz-appearance: none;
  appearance: none;
  padding-right: 32px; /* Add space for the custom arrow */
  background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='none' viewBox='0 0 20 20'%3e%3cpath stroke='%236b7280' stroke-linecap='round' stroke-linejoin='round' stroke-width='1.5' d='M6 8l4 4 4-4'/%3e%3c/svg%3e");
  background-position: right 0.5rem center;
  background-repeat: no-repeat;
  background-size: 1.5em 1.5em;
  cursor: pointer;
 }
 .input:focus, select:focus, textarea:focus {
  outline: 2px solid var(--primary);
  outline-offset: 2px;
  border-color: var(--primary);
 }
 .form-row { display: grid; gap: 8px; grid-template-columns: repeat(4, minmax(0,1fr)); }
 .form-row > * { min-width: 140px; }
 .form-row > .btn {
  justify-self: start;
 }
 .actions { display: flex; align-items: center; gap: 8px; }
 /* Buttons */
 .btn { border: 1px solid var(--border); background: #fff; color: var(--text); padding: 10px 14px; border-radius: 10px; cursor: pointer; }
 .btn.primary { background: var(--primary); border-color: var(--primary); color: #fff; }
 .btn.primary:hover { background: var(--primary-600); }
 .btn.ghost { background: transparent; color: var(--muted); }
 .btn, .input, select, textarea, .nav a, .nav button, .segmented button {
  transition: all 0.2s ease-in-out;
 }
 .btn.small {
  padding: 4px 10px;
  font-size: 0.875rem; /* 14px */
 }
 /* Tables */
 .table { width: 100%; border-collapse: collapse; }
 .table th, .table td { padding: 10px; border-bottom: 1px solid var(--border); }
 .table th { text-align: left; color: var(--muted); font-weight: 600; }
 .table td.amount { text-align: right; font-variant-numeric: tabular-nums; }
 .table-controls {
  display: flex;
  justify-content: space-between;
  align-items: center;
  margin-bottom: 12px; /* Adds some space above the table */
 }
 /* Segmented control */
 .segmented { display: inline-flex; background: #f1f5f9; border-radius: 10px; padding: 4px; border: 1px solid var(--border); }
 .segmented button { border: 0; background: transparent; padding: 8px 12px; border-radius: 8px; color: var(--muted); cursor: pointer; }
 .segmented button.active { background: #fff; color: var(--text); box-shadow: var(--shadow); }
 /* Auth layout */
 body.auth-page #root {
  display: flex;
  align-items: center;
  justify-content: center;
  min-height: 100vh;
  width: 100%;
 }
 /* Utility */
 .muted { color: var(--muted); }
 .space-y > * + * { margin-top: 12px; }
 /* Modal mock bank */
 .modal-overlay {
  position: fixed;
  top: 0;
  left: 0;
  right: 0;
  bottom: 0;
  background: rgba(0, 0, 0, 0.5);
  display: flex;
  align-items: center;
  justify-content: center;
  z-index: 1000;
 }
 .modal-content {
  background: var(--panel);
  padding: 24px;
  border-radius: var(--radius);
  box-shadow: var(--shadow);
  width: 100%;
  max-width: 400px;
 }
 .connection-row {
  display: flex;
  justify-content: space-between;
  align-items: center;
 }
--- a/7project/meetings/2025-10-16-meeting.md
+++ b/7project/meetings/2025-10-16-meeting.md
@@ -1,53 +0,0 @@
 # Weekly Meeting Notes
 - Group 8 - Personal finance tracker
 - Mentor: Jaychander
 Keep all meeting notes in the `meetings.md` file in your project folder.
 Just copy the template below for each weekly meeting and fill in the details.
 ## Administrative Info
 - Date: 2025-10-16
 - Attendees: Dejan Ribarovski, Lukas Trkan
 - Notetaker: Dejan Ribarovski
 ## Progress Update (Before Meeting)
 Summary of what has been accomplished since the last meeting in the following categories.
 ## Action Items from Last Week (During Meeting)
 - [x] start coding the app logic
 - [x] start writing the report so it matches the actual progress
 - [x] redo the system diagram so it includes a response flow
 ### Coding
 Implemented initial functioning version of the app, added OAuth with BankId and MojeID,
 added database snapshots.
 ### Documentation
 report.md is up to date
 ## Questions and Topics for Discussion (Before Meeting)
 Prepare 3-5 questions and topics you want to discuss with your mentor.
 1. What other functionality should be added to the app
 2. Priority for the next week (Testing maybe?)
 3. Question 3
 ## Discussion Notes (During Meeting)
 ## Action Items for Next Week (During Meeting)
 Last 3 minutes of the meeting, summarize action items.
 - [x] OAuth
 - [x] CI/CD fix
 - [ ] Database local (multiple bank accounts)
 - [ ] Add tests and set up github pipeline
 - [ ] Frontend imporvment - user experience
 - [ ] make the report more clear
 ---
--- a/7project/meetings/2025-10-23-meeting.md
+++ b/7project/meetings/2025-10-23-meeting.md
@@ -1,54 +0,0 @@
 # Weekly Meeting Notes
 - Group 8 - Personal finance tracker
 - Mentor: Jaychander
 Keep all meeting notes in the `meetings.md` file in your project folder.
 Just copy the template below for each weekly meeting and fill in the details.
 ## Administrative Info
 - Date: 2025-10-23
 - Attendees: Dejan
 - Notetaker: Dejan
 ## Progress Update (Before Meeting)
 Last 3 minutes of the meeting, summarize action items.
 - [x] OAuth (BankID)
 - [x] CI/CD fix
 - [X] Database local (multiple bank accounts)
 - [X] Add tests and set up github pipeline
 - [X] Frontend imporvment - user experience
 - [ ] make the report more clear - partly
 Summary of what has been accomplished since the last meeting in the following categories.
 ### Coding
 Improved Frontend, added Mock Bank, fixed deployment, fixed OAuth(BankID) on production, added basic tests
 ### Documentation
 Not much - just updated the work done
 ## Questions and Topics for Discussion (Before Meeting)
 This was not prepared, I planned to do it right before meeting, but Jaychander needed to go somewhere earlier.
 1. Question 1
 2. Question 2
 3. Question 3
 ## Discussion Notes (During Meeting)
 The tracker should not store the transactions in the database - security vulnerability.
 ## Action Items for Next Week (During Meeting)
 Last 3 minutes of the meeting, summarize action items.
 - [ ] Dont store data in database (security) - Load it on login (from CSAS API and local database), load automatically with email
 - [ ] Go through the checklist
 - [ ] Look for possible APIs (like stocks or financial details whatever)
 - [ ] Report
 ---
--- a/7project/meetings/2025-10-9-meeting.md
+++ b/7project/meetings/2025-10-9-meeting.md
--- a/7project/report.md
+++ b/7project/report.md
@@ -1,4 +1,4 @@
-# Personal finance tracker
+# Project Report
 > **Instructions**:
 > This template provides the structure for your project report.
@@ -7,211 +7,126 @@
 ## Project Overview
-**Project Name**: Personal Finance Tracker
+**Project Name**: [Your project name]
 **Group Members**:
- 289229, Lukáš Trkan, lukastrkan
+- Student number, Name, GitHub username
- 289258, Dejan Ribarovski, derib2613, ribardej
+- Student number, Name, GitHub username
 - Student number, Name, GitHub username
-**Brief Description**: (něco spíš jako abstract, introuction, story behind)
+**Brief Description**:
-Our application is a finance tracker, so a person can easily track his cash flow
+[2-3 sentences describing what your application does and its main purpose]
 through multiple bank accounts. Person can label transactions with custom categories
 and later filter by them.
 ## Architecture Overview
 Our system is a full‑stack web application composed of a React frontend, a FastAPI backend, a PostgreSQL database, and asynchronous background workers powered by Celery with RabbitMQ. Redis is available for caching/kv and may be used by Celery as a result backend. The backend exposes REST endpoints for authentication (email/password and OAuth), users, categories, and transactions. A thin controller layer (FastAPI routers) lives under app/api. Infrastructure for Kubernetes is provided via OpenTofu (Terraform‑compatible) modules and the application is packaged via a Helm chart.
 ### High-Level Architecture
 [Describe the overall system architecture. Consider including a diagram using mermaid or linking to an image]
 ```mermaid
-flowchart LR
+graph TD
-    proc_queue[Message Queue] --> proc_queue_worker[Worker Service]
+    A[Component A] --> B[Component B]
-    proc_queue_worker --> ext_mail[(Email Service)]
+    B --> C[Component C]
    proc_cron[Task planner] --> proc_queue
    proc_queue_worker --> ext_bank[(Bank API)]
    proc_queue_worker --> db
    client[Client/Frontend] <--> svc[Backend API]
    svc --> proc_queue
    svc <--> db[(Database)]
    svc <--> cache[(Cache)]
 ```
 ### Components
- Frontend (frontend/): React + TypeScript app built with Vite. Talks to the backend via REST, handles login/registration, shows latest transactions, filtering, and allows adding transactions.
+- **Component 1**: [Description of what this component does]
- Backend API (backend/app): FastAPI app with routers under app/api for auth, categories, and transactions. Uses FastAPI Users for auth (JWT + OAuth), SQLAlchemy ORM, and Pydantic v2 schemas.
+- **Component 2**: [Description of what this component does]
- Worker service (backend/app/workers): Celery worker handling asynchronous tasks (e.g., sending verification emails, future background processing).
+- **Component 3**: [Description of what this component does]
 - Database (PostgreSQL): Persists users, categories, transactions; schema managed by Alembic migrations.
 - Message Queue (RabbitMQ): Transports background jobs from the API to the worker.
 - Cache/Result Store (Redis): Available for caching or Celery result backend.
 - Infrastructure as Code (tofu/): OpenTofu modules provisioning cluster services (RabbitMQ, Redis, Argo CD, cert-manager, Cloudflare tunnel, etc.).
 - Deployment Chart (charts/myapp-chart/): Helm chart to deploy the application to Kubernetes.
 ### Technologies Used
- Backend: Python, FastAPI, FastAPI Users, SQLAlchemy, Pydantic, Alembic, Celery
+- **Backend**: [e.g., Go, Node.js, Python]
- Frontend: React, TypeScript, Vite
+- **Database**: [e.g., PostgreSQL, MongoDB, Redis]
- Database: PostgreSQL
+- **Cloud Services**: [e.g., AWS EC2, Google Cloud Run, Azure Functions]
- Messaging: RabbitMQ 
+- **Container Orchestration**: [e.g., Docker, Kubernetes]
- Cache: Redis
+- **Other**: [List other significant technologies]
 - Containerization/Orchestration: Docker, Docker Compose (dev), Kubernetes, Helm
 - IaC/Platform: OpenTofu (Terraform), Argo CD, cert-manager, MetalLB, Cloudflare Tunnel, Prometheus
 ## Prerequisites
 ### System Requirements
- Operating System: Linux, macOS, or Windows
+- Operating System: [e.g., Linux, macOS, Windows]
- Minimum RAM: 4 GB (8 GB recommended for running backend, frontend, and database together)
+- Minimum RAM: [e.g., 8GB]
- Storage: 2 GB free (Docker images may require additional space)
+- Storage: [e.g., 10GB free space]
 ### Required Software
- Docker Desktop or Docker Engine 24+
+- [Software 1] (version X.X or higher)
- Docker Compose v2+
+- [Software 2] (version X.X or higher)
- Node.js 20+ and npm 10+ (for local frontend dev/build)
+- [etc.]
 - Python 3.12+ (for local backend dev outside Docker)
 - PostgreSQL 15+ (optional if running DB outside Docker)
 - Helm 3.12+ and kubectl 1.29+ (for Kubernetes deployment)
 - OpenTofu 1.7+ (for infrastructure provisioning)
-### Environment Variables (common)
+### Dependencies
- Backend: SECRET, FRONTEND_URL, BACKEND_URL, DATABASE_URL, RABBITMQ_URL, REDIS_URL 
+```bash
- OAuth vars (Backend): MOJEID_CLIENT_ID/SECRET, BANKID_CLIENT_ID/SECRET (optional)
+# List key dependencies that need to be installed
- Frontend: VITE_BACKEND_URL
+# For example:
-
+# Docker Engine 20.10+
-### Dependencies (key libraries)
+# Node.js 18+
-I am not sure what is meant by "key libraries"
+# Go 1.25+
-
+```
 Backend: FastAPI, fastapi-users, SQLAlchemy, pydantic v2, Alembic, Celery  
 Frontend: React, TypeScript, Vite  
 Services: PostgreSQL, RabbitMQ, Redis
 ## Build Instructions
-You can run the project with Docker Compose (recommended for local development) or run services manually.
+### 1. Clone the Repository
 ### 1) Clone the Repository
 ```bash
-git clone https://github.com/dat515-2025/Group-8.git
+git clone [your-repository-url]
-cd 7project
+cd [repository-name]
 ```
-### 2) Install dependencies
+### 2. Install Dependencies
-Backend
+
 ```bash
-# In 7project/backend
+# Provide step-by-step commands
-python3.12 -m venv .venv
+# For example:
-source .venv/bin/activate  # Windows: .venv\Scripts\activate
+# npm install
-pip install -r requirements.txt
+# go mod download
 ```
-Frontend
+
 ### 3. Build the Application
 ```bash
-# In 7project/frontend
+# Provide exact build commands
-npm install
+# For example:
 # make build
 # docker build -t myapp .
 ```
-### 3) Manual Local Run
+### 4. Configuration
 Backend
 ```bash
-# From the 7project/ directory
+# Any configuration steps needed
-docker compose up --build
+# Environment variables to set
-# This starts: PostgreSQL, RabbitMQ/Redis (if defined)
+# Configuration files to create
 # Set environment variables (or create .env file)
 export SECRET=CHANGE_ME_SECRET
 export BACKEND_URL=http://127.0.0.1:8000
 export FRONTEND_URL=http://localhost:5173
 export DATABASE_URL=postgresql+asyncpg://user:password@127.0.0.1:5432/app
 export RABBITMQ_URL=amqp://guest:guest@127.0.0.1:5672/
 export REDIS_URL=redis://127.0.0.1:6379/0
 # Apply DB migrations (Alembic)
 # From 7project/backend
 alembic upgrade head
 # Run API
 uvicorn app.app:fastApi --reload --host 0.0.0.0 --port 8000
 # Run Celery worker (optional, for emails/background tasks)
 celery -A app.celery_app.celery_app worker -l info
 ```
 Frontend
 ```bash
 # Configure backend URL for dev
 echo 'VITE_BACKEND_URL=http://127.0.0.1:8000' > .env
 npm run dev
 # Open http://localhost:5173
 ```
 - Backend default: http://127.0.0.1:8000 (OpenAPI at /docs)
 - Frontend default: http://localhost:5173
 If needed, adjust compose services/ports in compose.yml.
 ## Deployment Instructions
-### Local (Docker Compose)
+### Local Deployment
 Described in the previous section (Manual Local Run)
 ### Kubernetes (via OpenTofu + Helm)
 1) Provision platform services (RabbitMQ/Redis/ingress/tunnel/etc.) with OpenTofu
 ```bash
-cd tofu
+# Step-by-step commands for local deployment
-# copy and edit variables
+# For example:
-cp terraform.tfvars.example terraform.tfvars
+# docker-compose up -d
-# authenticate to your cluster/cloud as needed, then:
+# kubectl apply -f manifests/
 tofu init
 tofu plan
 tofu apply
 ```
-2) Deploy the app using Helm
+### Cloud Deployment
 ```bash
 # Set the namespace
 kubectl create namespace myapp || true
 # Install/upgrade the chart with required values
 helm upgrade --install myapp charts/myapp-chart \
  -n myapp \
  -f charts/myapp-chart/values.yaml \
  --set image.backend.repository=myorg/myapp-backend \
  --set image.backend.tag=latest \
  --set env.BACKEND_URL="https://myapp.example.com" \
  --set env.FRONTEND_URL="https://myapp.example.com" \
  --set env.SECRET="CHANGE_ME_SECRET"
 ```
 Adjust values to your registry and domain. The chart’s NOTES.txt includes additional examples.
 3) Expose and access
 - If using Cloudflare Tunnel or an ingress, configure DNS accordingly (see tofu/modules/cloudflare and deployment/tunnel.yaml).
 - For quick testing without ingress:
 ```bash
-kubectl -n myapp port-forward deploy/myapp-backend 8000:8000
+# Commands for cloud deployment
-kubectl -n myapp port-forward deploy/myapp-frontend 5173:80
+# Include any cloud-specific setup
 ```
 ### Verification
 ```bash
-# Check pods
+# Commands to verify deployment worked
-kubectl -n myapp get pods
+# How to check if services are running
-
+# Example health check endpoints
 # Backend health
 curl -i http://127.0.0.1:8000/
 # OpenAPI
 open http://127.0.0.1:8000/docs
 # Frontend (if port-forwarded)
 open http://localhost:5173
 ```
 ## Testing Instructions
@@ -241,38 +156,19 @@ open http://localhost:5173
 ## Usage Examples
-All endpoints are documented at OpenAPI: http://127.0.0.1:8000/docs
+### Basic Usage
 ### Auth: Register and Login (JWT)
 ```bash
-# Register
+# Examples of how to use the application
-curl -X POST http://127.0.0.1:8000/auth/register \
+# Common commands or API calls
-  -H 'Content-Type: application/json' \
+# Sample data or test scenarios
  -d '{
    "email": "user@example.com",
    "password": "StrongPassw0rd",
    "first_name": "Jane",
    "last_name": "Doe"
  }'
 # Login (JWT)
 TOKEN=$(curl -s -X POST http://127.0.0.1:8000/auth/jwt/login \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'username=user@example.com&password=StrongPassw0rd' | jq -r .access_token)
 echo $TOKEN
 # Call a protected route
 curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
 ```
-### Frontend
+### Advanced Features
- Start with: npm run dev in 7project/frontend
+```bash
- Ensure VITE_BACKEND_URL is set to the backend URL (e.g., http://127.0.0.1:8000)
+# Examples showcasing advanced functionality
- Open http://localhost:5173
+```
 - Login, view latest transactions, filter, and add new transactions from the UI.
 ---
@@ -320,17 +216,17 @@ curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
 > Link to the specific commit on GitHub for each contribution.
 | Task/Component                                                      | Assigned To | Status        | Time Spent | Difficulty | Notes       |
-|-----------------------------------------------------------------------|-------------| ------------- |----------------|------------| ----------- |
+| ------------------------------------------------------------------- | ----------- | ------------- | ---------- | ---------- | ----------- |
-| [Project Setup & Repository](https://github.com/dat515-2025/Group-8#) | Lukas       | ✅ Complete    | [X hours]      | Medium     | [Any notes] |
+| Project Setup & Repository                                          | [Name]      | ✅ Complete    | [X hours]  | Medium     | [Any notes] |
-| [Design Document](https://github.com/dat515-2025/Group-8/blob/main/6design/design.md)          | Both        | ✅ Complete    | 2 Hours        | Easy       | [Any notes] |
+| [Design Document](https://github.com/dat515-2025/group-name)         | [Name]      | ✅ Complete    | [X hours]  | Easy       | [Any notes] |
-| [Backend API Development](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/api)  | Dejan       | ✅ Complete    | 10 hours       | Medium     | [Any notes] |
+| [Backend API Development](https://github.com/dat515-2025/group-name) | [Name]      | ✅ Complete    | [X hours]  | Hard       | [Any notes] |
-| [Database Setup & Models](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/models)  | Lukas       | ✅ Complete    | [X hours]      | Medium     | [Any notes] |
+| [Database Setup & Models](https://github.com/dat515-2025/group-name) | [Name]      | ✅ Complete    | [X hours]  | Medium     | [Any notes] |
-| [Frontend Development](https://github.com/dat515-2025/Group-8/tree/main/7project/frontend)     | Dejan       | 🔄 In Progress | 7 hours so far | Medium     | [Any notes] |
+| [Frontend Development](https://github.com/dat515-2025/group-name)    | [Name]      | 🔄 In Progress | [X hours]  | Medium     | [Any notes] |
-| [Docker Configuration](https://github.com/dat515-2025/Group-8/blob/main/7project/compose.yml)     | Lukas       | ✅ Complete    | [X hours]      | Easy       | [Any notes] |
+| [Docker Configuration](https://github.com/dat515-2025/group-name)    | [Name]      | ✅ Complete    | [X hours]  | Easy       | [Any notes] |
-| [Cloud Deployment](https://github.com/dat515-2025/Group-8/blob/main/7project/deployment/app-demo-deployment.yaml)         | Lukas       | ✅ Complete    | [X hours]      | Hard       | [Any notes] |
+| [Cloud Deployment](https://github.com/dat515-2025/group-name)        | [Name]      | ✅ Complete    | [X hours]  | Hard       | [Any notes] |
-| [Testing Implementation](https://github.com/dat515-2025/group-name)   | Dejan       | ❌ Not Started     | [X hours]      | Medium     | [Any notes] |
+| [Testing Implementation](https://github.com/dat515-2025/group-name)  | [Name]      | ⏳ Pending     | [X hours]  | Medium     | [Any notes] |
-| [Documentation](https://github.com/dat515-2025/group-name)            | Both        | ❌ Not Started   | [X hours]      | Easy       | [Any notes] |
+| [Documentation](https://github.com/dat515-2025/group-name)           | [Name]      | ✅ Complete    | [X hours]  | Easy       | [Any notes] |
-| [Presentation Video](https://github.com/dat515-2025/group-name)       | Both        | ❌ Not Started     | [X hours]      | Medium     | [Any notes] |
+| [Presentation Video](https://github.com/dat515-2025/group-name)      | [Name]      | ✅ Complete    | [X hours]  | Medium     | [Any notes] |
 **Legend**: ✅ Complete | 🔄 In Progress | ⏳ Pending | ❌ Not Started
@@ -338,27 +234,35 @@ curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
 > Link to the specific commit on GitHub for each contribution.
-### [Lukáš]
+### [Team Member 1 Name]
 | Date      | Activity            | Hours      | Description                         |
-|----------------|---------------------|------------|----------------------------------------------------|
+| --------- | ------------------- | ---------- | ----------------------------------- |
-| 4.10 to 10.10  | Initial Setup       | 40         | Repository setup, project structure, cluster setup |
+| [Date]    | Initial Setup       | [X.X]      | Repository setup, project structure |
-| 14.10 to 16.10 | Backend Development | 12         | Implemented user authentication - oauth            |
+| [Date]    | Backend Development | [X.X]      | Implemented user authentication     |
 | 8.10 to 12.10  | CI/CD               | 10         | Created database schema and models                 |
 | [Date]    | Testing             | [X.X]      | Unit tests for API endpoints        |
 | [Date]    | Documentation       | [X.X]      | Updated README and design doc       |
 | **Total** |                     | **[XX.X]** |                                     |
-### Dejan
+### [Team Member 2 Name]
 | Date      | Activity             | Hours      | Description                               |
-|-------------|----------------------|--------|--------------------------------|
+| --------- | -------------------- | ---------- | ----------------------------------------- |
-| 25.9.       | Design               | 1.5    | 6design                        |
+| [Date]    | Frontend Development | [X.X]      | Created user interface mockups            |
-| 9-11.10.    | Backend APIs         | 10     | Implemented Backend APIs       |
+| [Date]    | Integration          | [X.X]      | Connected frontend to backend API         |
-| 13-15.10.   | Frontend Development | 6.5    | Created user interface mockups |
+| [Date]    | Deployment           | [X.X]      | Docker configuration and cloud deployment |
-| Continually | Documantation        | 3      | Documenting the dev process    |
+| [Date]    | Testing              | [X.X]      | End-to-end testing                        |
-| **Total**   |                      | **21** |                                |
+| **Total** |                      | **[XX.X]** |                                           |
 ### [Team Member 3 Name] (if applicable)
 | Date      | Activity                 | Hours      | Description                      |
 | --------- | ------------------------ | ---------- | -------------------------------- |
 | [Date]    | Database Design          | [X.X]      | Schema design and implementation |
 | [Date]    | Cloud Configuration      | [X.X]      | AWS/GCP setup and configuration  |
 | [Date]    | Performance Optimization | [X.X]      | Caching and query optimization   |
 | [Date]    | Monitoring               | [X.X]      | Logging and monitoring setup     |
 | **Total** |                          | **[XX.X]** |                                  |
 ### Group Total: [XXX.X] hours
@@ -388,8 +292,11 @@ curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
 [Personal reflection on growth, challenges, and learning]
 #### [Team Member 3 Name] (if applicable)
 [Personal reflection on growth, challenges, and learning]
 ---
 **Report Completion Date**: [Date]
-**Last Updated**: 15.10.2025
+**Last Updated**: [Date]