feat(worker): add transaction saving to db

.github/workflows/deploy-pr.yaml

@@ -118,7 +118,8 @@ jobs:
             --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
             --set image.digest="$DIGEST" \
             --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
-            --set-string database.password="$DB_PASSWORD"
+            --set-string database.password="$DB_PASSWORD" \
+            --set-string database.encryptionSecret="$PR"
 
       - name: Post preview URLs as PR comment
         uses: actions/github-script@v7

.github/workflows/deploy-prod.yaml

@@ -129,4 +129,5 @@ jobs:
             --set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET" \
             --set-string oauth.csas.clientId="$CSAS_CLIENT_ID" \
             --set-string oauth.csas.clientSecret="$CSAS_CLIENT_SECRET" \
-            --set-string sentry_dsn="$SENTRY_DSN" \
+            --set-string sentry_dsn="$SENTRY_DSN" \
+            --set-string database.encryptionSecret="${{ secrets.PROD_DB_ENCRYPTION_KEY }}"

.github/workflows/run-tests.yml

@@ -43,10 +43,15 @@ jobs:
 
       # Step 3: Install project dependencies
       # Runs shell commands to install the libraries listed in your requirements.txt.
+      - name: Add test dependencies to requirements
+        run: |
+          echo "pytest==8.4.2" >> ./7project/backend/requirements.txt
+          echo "pytest-asyncio==1.2.0" >> ./7project/backend/requirements.txt
+
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install -r requirements.txt
+          pip install -r ./7project/backend/requirements.txt
       
       # Step 4: Run your tests!
       # Executes the pytest command to run your test suite.

7project/backend/alembic/versions/2025_10_29_1326-46b9e702e83f_add_encrypted_type.py

@@ -0,0 +1,47 @@
+"""Add encrypted type
+
+Revision ID: 46b9e702e83f
+Revises: 1f2a3c4d5e6f
+Create Date: 2025-10-29 13:26:24.568523
+
+"""
+from typing import Sequence, Union
+
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+# revision identifiers, used by Alembic.
+revision: str = '46b9e702e83f'
+down_revision: Union[str, Sequence[str], None] = '1f2a3c4d5e6f'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('transaction', 'amount',
+               existing_type=mysql.FLOAT(),
+               type_=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
+               existing_nullable=False)
+    op.alter_column('transaction', 'description',
+               existing_type=mysql.VARCHAR(length=255),
+               type_=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
+               existing_nullable=True)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('transaction', 'description',
+               existing_type=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
+               type_=mysql.VARCHAR(length=255),
+               existing_nullable=True)
+    op.alter_column('transaction', 'amount',
+               existing_type=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
+               type_=mysql.FLOAT(),
+               existing_nullable=False)
+    # ### end Alembic commands ###

7project/backend/app/app.py

@@ -105,10 +105,6 @@ async def root():
 async def authenticated_route(user: User = Depends(current_active_verified_user)):
     return {"message": f"Hello {user.email}!"}
 
-@fastApi.get("/sentry-debug")
-async def trigger_error():
-    division_by_zero = 1 / 0
-
 
 @fastApi.get("/debug/scrape/csas/all", tags=["debug"])
 async def debug_scrape_csas_all():

7project/backend/app/models/transaction.py

@@ -1,15 +1,21 @@
+import os
 from fastapi_users_db_sqlalchemy import GUID
 from sqlalchemy import Column, Integer, String, Float, ForeignKey, Date, func
 from sqlalchemy.orm import relationship
+from sqlalchemy_utils import EncryptedType
+from sqlalchemy_utils.types.encrypted.encrypted_type import FernetEngine
+
 from app.core.base import Base
 from app.models.categories import association_table
 
+SECRET_KEY = os.environ.get("DB_ENCRYPTION_KEY", "localdev")
+
 
 class Transaction(Base):
     __tablename__ = "transaction"
     id = Column(Integer, primary_key=True, autoincrement=True)
-    amount = Column(Float, nullable=False)
-    description = Column(String(length=255), nullable=True)
+    amount = Column(EncryptedType(Float, SECRET_KEY, engine=FernetEngine), nullable=False)
+    description = Column(EncryptedType(String(length=255), SECRET_KEY, engine=FernetEngine), nullable=True)
     date = Column(Date, nullable=False, server_default=func.current_date())
     user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
 

7project/backend/app/services/bank_scraper.py

@@ -1,17 +1,18 @@
 import json
 import logging
 from os.path import dirname, join
+from time import strptime
 from uuid import UUID
 
 import httpx
 from sqlalchemy import select
 
 from app.core.db import async_session_maker
+from app.models.transaction import Transaction
 from app.models.user import User
 
 logger = logging.getLogger(__name__)
 
-# Reuse CSAS mTLS certs used by OAuth profile calls
 OAUTH_DIR = join(dirname(__file__), "..", "oauth")
 CERTS = (
     join(OAUTH_DIR, "public_key.pem"),
@@ -20,10 +21,6 @@ CERTS = (
 
 
 async def aload_ceska_sporitelna_transactions(user_id: str) -> None:
-    """
-    Async entry point to load Česká spořitelna transactions for a single user.
-    Validates the user_id and performs a minimal placeholder action.
-    """
     try:
         uid = UUID(str(user_id))
     except Exception:
@@ -34,9 +31,6 @@ async def aload_ceska_sporitelna_transactions(user_id: str) -> None:
 
 
 async def aload_all_ceska_sporitelna_transactions() -> None:
-    """
-    Async entry point to load Česká spořitelna transactions for all users.
-    """
     async with async_session_maker() as session:
         result = await session.execute(select(User))
         users = result.unique().scalars().all()
@@ -54,7 +48,7 @@ async def aload_all_ceska_sporitelna_transactions() -> None:
 
 
 async def _aload_ceska_sporitelna_transactions(user_id: UUID) -> None:
-    async with async_session_maker() as session:
+    async with (async_session_maker() as session):
         result = await session.execute(select(User).where(User.id == user_id))
         user: User = result.unique().scalar_one_or_none()
         if user is None:
@@ -106,16 +100,22 @@ async def _aload_ceska_sporitelna_transactions(user_id: UUID) -> None:
                 if response.status_code != httpx.codes.OK:
                     continue
 
-                # Placeholder: just print the account transactions
-
                 transactions = response.json()["transactions"]
-                pass
 
             for transaction in transactions:
-                #parse and store transaction to database
-                #create Transaction object and save to DB
-                #obj =
+                description = transaction.get("entryDetails", {}).get("transactionDetails", {}).get(
+                    "additionalRemittanceInformation")
+                date_str = transaction.get("bookingDate", {}).get("date")
+                date = strptime(date_str, "%Y-%m-%d") if date_str else None
 
+                obj = Transaction(
+                    amount=transaction['amount']['value'],
+                    description=description,
+                    date=date,
+                    user_id=user_id,
+                )
+                session.add(obj)
+                await session.commit()
 
                 pass
             pass

7project/backend/requirements.txt

@@ -54,6 +54,7 @@ sentry-sdk==2.42.0
 six==1.17.0
 sniffio==1.3.1
 SQLAlchemy==2.0.43
+SQLAlchemy-Utils==0.42.0
 starlette==0.48.0
 tomli==2.2.1
 typing-inspection==0.4.1

7project/charts/myapp-chart/templates/app-deployment.yaml

@@ -101,6 +101,11 @@ spec:
                 secretKeyRef:
                   name: prod
                   key: SENTRY_DSN
+            - name: DB_ENCRYPTION_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: DB_ENCRYPTION_KEY
           livenessProbe:
             httpGet:
               path: /

7project/charts/myapp-chart/templates/prod.yaml

@@ -18,3 +18,4 @@ stringData:
   RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }}
   RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }}
   SENTRY_DSN: {{ .Values.sentry_dsn | quote }}
+  DB_ENCRYPTION_KEY: {{ required "Set .Values.database.encryptionSecret" .Values.database.encryptionSecret | quote }}

7project/charts/myapp-chart/templates/worker-deployment.yaml

@@ -20,7 +20,7 @@ spec:
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
-              drop: ["ALL"]
+              drop: [ "ALL" ]
           command:
             - celery
             - -A
@@ -80,3 +80,8 @@ spec:
                 secretKeyRef:
                   name: prod
                   key: CSAS_CLIENT_SECRET
+            - name: DB_ENCRYPTION_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: prod
+                  key: DB_ENCRYPTION_KEY

7project/charts/myapp-chart/values.yaml

@@ -75,3 +75,4 @@ database:
   userName: app-demo-user
   secretName: app-demo-database-secret
   password: ""
+  encryptionSecret: ""

requirements.txt

@@ -1,72 +0,0 @@
-aio-pika==9.5.6
-aiormq==6.8.1
-aiosqlite==0.21.0
-alembic==1.16.5
-amqp==5.3.1
-annotated-types==0.7.0
-anyio==4.11.0
-argon2-cffi==23.1.0
-argon2-cffi-bindings==25.1.0
-asyncmy==0.2.9
-bcrypt==4.3.0
-billiard==4.2.2
-celery==5.5.3
-certifi==2025.10.5
-cffi==2.0.0
-click==8.1.8
-click-didyoumean==0.3.1
-click-plugins==1.1.1.2
-click-repl==0.3.0
-cryptography==46.0.1
-dnspython==2.7.0
-email_validator==2.2.0
-exceptiongroup==1.3.0
-fastapi==0.117.1
-fastapi-users==14.0.1
-fastapi-users-db-sqlalchemy==7.0.0
-greenlet==3.2.4
-h11==0.16.0
-httpcore==1.0.9
-httptools==0.6.4
-httpx==0.28.1
-httpx-oauth==0.16.1
-idna==3.10
-iniconfig==2.3.0
-kombu==5.5.4
-makefun==1.16.0
-Mako==1.3.10
-MarkupSafe==3.0.2
-multidict==6.6.4
-packaging==25.0
-pamqp==3.3.0
-pluggy==1.6.0
-prompt_toolkit==3.0.52
-propcache==0.3.2
-pwdlib==0.2.1
-pycparser==2.23
-pydantic==2.11.9
-pydantic_core==2.33.2
-Pygments==2.19.2
-PyJWT==2.10.1
-PyMySQL==1.1.2
-pytest==8.4.2
-pytest-asyncio==1.2.0
-python-dateutil==2.9.0.post0
-python-dotenv==1.1.1
-python-multipart==0.0.20
-PyYAML==6.0.2
-six==1.17.0
-sniffio==1.3.1
-SQLAlchemy==2.0.43
-starlette==0.48.0
-tomli==2.2.1
-typing-inspection==0.4.1
-typing_extensions==4.15.0
-tzdata==2025.2
-uvicorn==0.37.0
-uvloop==0.21.0
-vine==5.1.0
-watchfiles==1.1.0
-wcwidth==0.2.14
-websockets==15.0.1
-yarl==1.20.1