Potential fix for code scanning alert no. 9: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

.github/workflows/build-image.yaml

@@ -0,0 +1,105 @@
+name: Build and Push Image
+
+on:
+  workflow_call:
+    inputs:
+      mode:
+        description: "Build mode: 'prod' or 'pr'"
+        required: true
+        type: string
+      image_repo:
+        description: "Docker image repository (e.g., user/app)"
+        required: false
+        default: "lukastrkan/cc-app-demo"
+        type: string
+      context:
+        description: "Docker build context path"
+        required: false
+        default: "7project/backend"
+        type: string
+      pr_number:
+        description: "PR number (required when mode=pr)"
+        required: false
+        type: string
+    secrets:
+      DOCKER_USER:
+        required: true
+      DOCKER_PASSWORD:
+        required: true
+    outputs:
+      digest:
+        description: "Built image digest"
+        value: ${{ jobs.build.outputs.digest }}
+      image_repo:
+        description: "Image repository used"
+        value: ${{ jobs.build.outputs.image_repo }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      digest: ${{ steps.set.outputs.digest }}
+      image_repo: ${{ steps.set.outputs.image_repo }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Compute image repo and tags
+        id: meta
+        env:
+          MODE: ${{ inputs.mode }}
+          IMAGE_REPO: ${{ inputs.image_repo }}
+          PR: ${{ inputs.pr_number }}
+        run: |
+          set -euo pipefail
+          if [ -z "${IMAGE_REPO:-}" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
+          echo "IMAGE_REPO=$IMAGE_REPO" >> $GITHUB_ENV
+          SHA_SHORT="${GITHUB_SHA::12}"
+          case "$MODE" in
+            prod)
+              TAG1="prod-$SHA_SHORT"
+              TAG2="latest"
+              ;;
+            pr)
+              if [ -z "${PR:-}" ]; then echo "pr_number input is required for mode=pr"; exit 1; fi
+              TAG1="pr-$PR"
+              TAG2="pr-$PR-$SHA_SHORT"
+              ;;
+            *)
+              echo "Unknown mode '$MODE' (expected 'prod' or 'pr')"; exit 1;
+              ;;
+          esac
+          echo "TAG1=$TAG1" >> $GITHUB_ENV
+          echo "TAG2=$TAG2" >> $GITHUB_ENV
+
+      - name: Build and push image
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ inputs.context }}
+          push: true
+          tags: |
+            ${{ env.IMAGE_REPO }}:${{ env.TAG1 }}
+            ${{ env.IMAGE_REPO }}:${{ env.TAG2 }}
+          platforms: linux/amd64
+
+      - name: Set outputs
+        id: set
+        env:
+          IMAGE_REPO: ${{ env.IMAGE_REPO }}
+        run: |
+          echo "digest=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT
+          echo "image_repo=$IMAGE_REPO" >> $GITHUB_OUTPUT

.github/workflows/deploy-pr.yaml

@@ -0,0 +1,151 @@
+name: Deploy Preview (PR)
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, closed]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  build:
+    if: github.event.action != 'closed'
+    name: Build and push image (reusable)
+    uses: ./.github/workflows/build-image.yaml
+    with:
+      mode: pr
+      image_repo: lukastrkan/cc-app-demo
+      context: 7project/backend
+      pr_number: ${{ github.event.pull_request.number }}
+    secrets: inherit
+
+  get_urls:
+    if: github.event.action != 'closed'
+    name: Generate Preview URLs
+    uses: ./.github/workflows/url_generator.yml
+    with:
+      runner: vhs
+      mode: pr
+      pr_number: ${{ github.event.pull_request.number }}
+      base_domain: ${{ vars.DEV_BASE_DOMAIN }}
+    secrets: inherit
+
+  frontend:
+    if: github.event.action != 'closed'
+    name: Frontend - Build and Deploy to Cloudflare Pages (PR)
+    needs: [get_urls]
+    uses: ./.github/workflows/frontend-pages.yml
+    with:
+      mode: pr
+      pr_number: ${{ github.event.pull_request.number }}
+      backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }}
+    secrets: inherit
+
+  deploy:
+    if: github.event.action != 'closed'
+    name: Helm upgrade/install (PR preview)
+    runs-on: vhs
+    concurrency:
+      group: pr-${{ github.event.pull_request.number }}
+      cancel-in-progress: false
+    needs: [build, frontend, get_urls]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Helm
+        uses: azure/setup-helm@v4
+
+      - name: Setup kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Configure kubeconfig
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+        run: |
+          mkdir -p ~/.kube
+          if [ -z "$KUBE_CONFIG" ]; then
+            echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
+          echo "$KUBE_CONFIG" > ~/.kube/config
+          chmod 600 ~/.kube/config
+
+      - name: Helm upgrade/install PR preview
+        env:
+          DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
+          RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
+          DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
+          DIGEST: ${{ needs.build.outputs.digest }}
+          DOMAIN: "${{ needs.get_urls.outputs.backend_url }}"
+          DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}"
+          FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}"
+          FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}"
+        run: |
+          PR=${{ github.event.pull_request.number }}
+          RELEASE=myapp-pr-$PR
+          NAMESPACE=pr-$PR
+          helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \
+            -n "$NAMESPACE" --create-namespace \
+            -f 7project/charts/myapp-chart/values-dev.yaml \
+            --set prNumber="$PR" \
+            --set deployment="pr-$PR" \
+            --set domain="$DOMAIN" \
+            --set domain_scheme="$DOMAIN_SCHEME" \
+            --set frontend_domain="$FRONTEND_DOMAIN" \
+            --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
+            --set image.digest="$DIGEST" \
+            --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
+            --set-string database.password="$DB_PASSWORD"
+
+      - name: Post preview URLs as PR comment
+        uses: actions/github-script@v7
+        env:
+          BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }}
+          FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }}
+        with:
+          script: |
+            const pr = context.payload.pull_request;
+            if (!pr) { core.setFailed('No pull_request context'); return; }
+            const prNumber = pr.number;
+            const backendUrl = process.env.BACKEND_URL || '(not available)';
+            const frontendUrl = process.env.FRONTEND_URL || '(not available)';
+            const marker = '<!-- preview-comment-marker -->';
+            const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`;
+            const { owner, repo } = context.repo;
+            const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 });
+            const existing = comments.find(c => c.body && c.body.includes(marker));
+            if (existing) {
+              await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
+            } else {
+              await github.rest.issues.createComment({ owner, repo, issue_number: prNumber, body });
+            }
+
+  uninstall:
+    if: github.event.action == 'closed'
+    name: Helm uninstall (PR preview)
+    runs-on: vhs
+    steps:
+      - name: Setup Helm
+        uses: azure/setup-helm@v4
+
+      - name: Setup kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Configure kubeconfig
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+        run: |
+          mkdir -p ~/.kube
+          if [ -z "$KUBE_CONFIG" ]; then
+            echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
+          echo "$KUBE_CONFIG" > ~/.kube/config
+          chmod 600 ~/.kube/config
+
+      - name: Helm uninstall release and cleanup namespace
+        run: |
+          PR=${{ github.event.pull_request.number }}
+          RELEASE=myapp-pr-$PR
+          NAMESPACE=pr-$PR
+          helm uninstall "$RELEASE" -n "$NAMESPACE" || true
+          # Optionally delete the namespace if empty
+          kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true

.github/workflows/deploy-prod.yaml

@@ -0,0 +1,104 @@
+name: Deploy Prod
+
+on:
+  push:
+    branches: [ "main" ]
+    paths:
+      - 7project/backend/**
+      - 7project/frontend/**
+      - 7project/charts/myapp-chart/**
+      - .github/workflows/deploy-prod.yaml
+      - .github/workflows/build-image.yaml
+      - .github/workflows/frontend-pages.yml
+  workflow_dispatch:
+
+
+permissions:
+  contents: read
+
+concurrency:
+  group: deploy-prod
+  cancel-in-progress: false
+
+jobs:
+  build:
+    name: Build and push image (reusable)
+    uses: ./.github/workflows/build-image.yaml
+    with:
+      mode: prod
+      image_repo: lukastrkan/cc-app-demo
+      context: 7project/backend
+    secrets: inherit
+
+  get_urls:
+    name: Generate Production URLs
+    uses: ./.github/workflows/url_generator.yml
+    with:
+      mode: prod
+      runner: vhs
+      base_domain: ${{ vars.PROD_DOMAIN }}
+    secrets: inherit
+
+  frontend:
+    name: Frontend - Build and Deploy to Cloudflare Pages (prod)
+    needs: [get_urls]
+    uses: ./.github/workflows/frontend-pages.yml
+    with:
+      mode: prod
+      backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }}
+    secrets: inherit
+
+  deploy:
+    name: Helm upgrade/install (prod)
+    runs-on: vhs
+    needs: [build, frontend, get_urls]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Helm
+        uses: azure/setup-helm@v4
+
+      - name: Setup kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Configure kubeconfig
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+        run: |
+          mkdir -p ~/.kube
+          if [ -z "$KUBE_CONFIG" ]; then
+            echo "Secret KUBE_CONFIG is required (kubeconfig content)"; exit 1; fi
+          echo "$KUBE_CONFIG" > ~/.kube/config
+          chmod 600 ~/.kube/config
+
+      - name: Helm upgrade/install prod
+        env:
+          DOMAIN: ${{ needs.get_urls.outputs.backend_url }}
+          DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }}
+          FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }}
+          FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }}
+          RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
+          DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
+          DIGEST: ${{ needs.build.outputs.digest }}
+          BANKID_CLIENT_ID: ${{ secrets.BANKID_CLIENT_ID }}
+          BANKID_CLIENT_SECRET: ${{ secrets.BANKID_CLIENT_SECRET }}
+          MOJEID_CLIENT_ID: ${{ secrets.MOJEID_CLIENT_ID }}
+          MOJEID_CLIENT_SECRET: ${{ secrets.MOJEID_CLIENT_SECRET }}
+
+        run: |
+          helm upgrade --install myapp ./7project/charts/myapp-chart \
+            -n prod --create-namespace \
+            -f 7project/charts/myapp-chart/values-prod.yaml \
+            --set deployment="prod" \
+            --set domain="$DOMAIN" \
+            --set domain_scheme="$DOMAIN_SCHEME" \
+            --set frontend_domain="$FRONTEND_DOMAIN" \
+            --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
+            --set image.digest="$DIGEST" \
+            --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
+            --set-string database.password="$DB_PASSWORD"
+            --set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \
+            --set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \
+            --set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \
+            --set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET"

.github/workflows/frontend-pages.yml

@@ -0,0 +1,135 @@
+name: Frontend - Build and Deploy to Cloudflare Pages
+
+on:
+  workflow_call:
+    inputs:
+      mode:
+        description: "Build mode: 'prod' or 'pr'"
+        required: true
+        type: string
+      pr_number:
+        description: 'PR number (required when mode=pr)'
+        required: false
+        type: string
+      project_name:
+        description: 'Cloudflare Pages project name (overrides default)'
+        required: false
+        type: string
+      backend_url_scheme:
+        description: 'The full scheme URL for the backend (e.g., https://api.example.com)'
+        required: true
+        type: string
+    secrets:
+      CLOUDFLARE_API_TOKEN:
+        required: true
+      CLOUDFLARE_ACCOUNT_ID:
+        required: true
+    outputs:
+      deployed_url:
+        description: 'URL of deployed frontend'
+        value: ${{ jobs.deploy.outputs.deployed_url }}
+
+jobs:
+  build:
+    name: Build frontend
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: 7project/frontend
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: 7project/frontend/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Set backend URL from workflow input
+        run: |
+          echo "VITE_BACKEND_URL=${{ inputs.backend_url_scheme }}" >> $GITHUB_ENV
+
+      - name: Build
+        run: npm run build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: frontend-dist
+          path: 7project/frontend/dist
+
+  deploy:
+    name: Deploy to Cloudflare Pages
+    needs: build
+    runs-on: ubuntu-latest
+    outputs:
+      deployed_url: ${{ steps.out.outputs.deployed_url }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: frontend-dist
+          path: dist
+
+      - name: Determine project name and branch
+        id: pname
+        env:
+          INPUT_MODE: ${{ inputs.mode }}
+          INPUT_PR: ${{ inputs.pr_number }}
+        run: |
+          set -euo pipefail
+          # Prefer manual input, then repo variable, fallback to repo-name
+          INPUT_NAME='${{ inputs.project_name }}'
+          VAR_NAME='${{ vars.CF_PAGES_PROJECT_NAME }}'
+          if [ -n "$INPUT_NAME" ]; then PNAME_RAW="$INPUT_NAME"; 
+          elif [ -n "$VAR_NAME" ]; then PNAME_RAW="$VAR_NAME"; 
+          else PNAME_RAW="${GITHUB_REPOSITORY##*/}-frontend"; fi
+          # Normalize project name to lowercase to satisfy Cloudflare Pages naming
+          PNAME="${PNAME_RAW,,}"
+          # Determine branch for Pages
+          if [ "${INPUT_MODE}" = "pr" ]; then
+            if [ -z "${INPUT_PR}" ]; then echo "pr_number is required when mode=pr"; exit 1; fi
+            PBRANCH="pr-${INPUT_PR}"
+          else
+            PBRANCH="main"
+          fi
+          echo "project_name=$PNAME" >> $GITHUB_OUTPUT
+          echo "branch=$PBRANCH" >> $GITHUB_OUTPUT
+
+      - name: Ensure Cloudflare Pages project exists
+        env:
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          PNAME: ${{ steps.pname.outputs.project_name }}
+        run: |
+          set -euo pipefail
+          npx wrangler pages project create "$PNAME" --production-branch=main || true
+
+      - name: Deploy using Cloudflare Wrangler
+        uses: cloudflare/wrangler-action@v3
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          command: pages deploy dist --project-name=${{ steps.pname.outputs.project_name }} --branch=${{ steps.pname.outputs.branch }}
+
+      - name: Compute deployed URL
+        id: out
+        env:
+          PNAME: ${{ steps.pname.outputs.project_name }}
+          PBRANCH: ${{ steps.pname.outputs.branch }}
+        run: |
+          set -euo pipefail
+          if [ "$PBRANCH" = "main" ]; then
+            URL="https://${PNAME}.pages.dev"
+          else
+            URL="https://${PBRANCH}.${PNAME}.pages.dev"
+          fi
+          echo "deployed_url=$URL" >> $GITHUB_OUTPUT

.github/workflows/url_generator.yml

@@ -0,0 +1,74 @@
+name: Generate Preview or Production URLs
+
+on:
+  workflow_call:
+    inputs:
+      mode:
+        description: "Build mode: 'prod' or 'pr'"
+        required: true
+        type: string
+      pr_number:
+        description: 'PR number (required when mode=pr)'
+        required: false
+        type: string
+      runner:
+        description: 'The runner to use for this job'
+        required: false
+        type: string
+        default: 'ubuntu-latest'
+      base_domain:
+        description: 'The base domain for production URLs (e.g., example.com)'
+        required: true
+        type: string
+
+    outputs:
+      backend_url:
+        description: "The backend URL without scheme (e.g., api.example.com)"
+        value: ${{ jobs.generate-urls.outputs.backend_url }}
+      frontend_url:
+        description: "The frontend URL without scheme (e.g., app.example.com)"
+        value: ${{ jobs.generate-urls.outputs.frontend_url }}
+      backend_url_scheme:
+        description: "The backend URL with scheme (e.g., https://api.example.com)"
+        value: ${{ jobs.generate-urls.outputs.backend_url_scheme }}
+      frontend_url_scheme:
+        description: "The frontend URL with scheme (e.g., https://app.example.com)"
+        value: ${{ jobs.generate-urls.outputs.frontend_url_scheme }}
+
+jobs:
+  generate-urls:
+    permissions:
+      contents: none
+    runs-on: ${{ inputs.runner }}
+
+    outputs:
+      backend_url: ${{ steps.set_urls.outputs.backend_url }}
+      frontend_url: ${{ steps.set_urls.outputs.frontend_url }}
+      backend_url_scheme: ${{ steps.set_urls.outputs.backend_url_scheme }}
+      frontend_url_scheme: ${{ steps.set_urls.outputs.frontend_url_scheme }}
+
+    steps:
+      - name: Generate URLs
+        id: set_urls
+        env:
+          BASE_DOMAIN: ${{ inputs.base_domain }}
+        run: |
+          set -euo pipefail
+          
+          if [ "${{ inputs.mode }}" = "prod" ]; then
+            BACKEND_URL="api.${BASE_DOMAIN}"
+            FRONTEND_URL="finance.${BASE_DOMAIN}"
+          else
+            # This is your current logic
+            FRONTEND_URL="pr-${{ inputs.pr_number }}.group-8-frontend.pages.dev"
+            BACKEND_URL="api-pr-${{ inputs.pr_number }}.${BASE_DOMAIN}"
+          fi
+
+          FRONTEND_URL_SCHEME="https://$FRONTEND_URL"
+          BACKEND_URL_SCHEME="https://$BACKEND_URL"
+          
+          # This part correctly writes to GITHUB_OUTPUT for the step
+          echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT
+          echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT
+          echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT
+          echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT

.github/workflows/workflow.yml

@@ -1,54 +0,0 @@
-name: Build, Push and Update Image in Manifest
-
-on:
-  push:
-    branches: [ "main" ]
-    paths:
-      - 'backend/**'
-  workflow_dispatch:
-
-jobs:
-  build-and-update:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      packages: write
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Build and push Docker image
-        id: build
-        uses: docker/build-push-action@v5
-        with:
-          context: ./backend
-          push: true
-          tags: ${{ secrets.DOCKER_USER }}/cc-app-demo:latest
-
-      - name: Get image digest
-        run: echo "IMAGE_DIGEST=${{ steps.build.outputs.digest }}" >> $GITHUB_ENV
-
-      - name: Update manifests with new image digest
-        uses: OpsVerseIO/image-updater-action@0.1.0
-        with:
-          branch: main
-          targetBranch: main
-          createPR: 'false'
-          message: "${{ github.event.head_commit.message }}"
-          token: ${{ secrets.GITHUB_TOKEN }}
-          changes: |
-            {
-              "deployment/app-demo-deployment.yaml": {
-                "spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
-              },
-              "deployment/app-demo-worker-deployment.yaml": {
-                "spec.template.spec.containers[0].image": "${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}"
-              }
-            }

6design/design.md

@@ -45,11 +45,11 @@ flowchart LR
     proc_cron[Task planner] --> proc_queue
     proc_queue_worker --> ext_bank[(Bank API)]
     proc_queue_worker --> db
-    client[Client/UI] --> api[API Gateway / Web Server]
-    api --> svc[Web API]
+    client[Client/UI] <--> api[API Gateway / Web Server]
+    api <--> svc[Web API]
     svc --> proc_queue
-    svc --> db[(Database)]
-    svc --> cache[(Cache)]
+    svc <--> db[(Database)]
+    svc <--> cache[(Cache)]
 ```
 
 - Components and responsibilities: What does each box do?

7project/backend/Dockerfile

@@ -1,7 +1,8 @@
 FROM python:3.11-slim
+
 WORKDIR /app
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 COPY . .
 EXPOSE 8000
-CMD alembic upgrade head && uvicorn app.app:app --host 0.0.0.0 --port 8000
+CMD alembic upgrade head && uvicorn app.app:fastApi --host 0.0.0.0 --port 8000

7project/backend/alembic.ini

@@ -11,7 +11,7 @@ script_location = %(here)s/alembic
 # Uncomment the line below if you want the files to be prepended with date and time
 # see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file
 # for all available tokens
-# file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
+file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
 
 # sys.path path, will be prepended to sys.path if present.
 # defaults to the current working directory.  for multiple paths, the path separator

7project/backend/alembic/env.py

@@ -23,9 +23,10 @@ if not DATABASE_URL:
     mariadb_password = os.getenv("MARIADB_PASSWORD", "strongpassword")
     DATABASE_URL = f"mysql+pymysql://{mariadb_user}:{mariadb_password}@{mariadb_host}:{mariadb_port}/{mariadb_db}"
 
-# Use synchronous driver for Alembic migrations
 SYNC_DATABASE_URL = DATABASE_URL.replace("+asyncmy", "+pymysql")
 
+ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost"
+connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}
 
 def run_migrations_offline() -> None:
     context.configure(
@@ -39,7 +40,7 @@ def run_migrations_offline() -> None:
 
 
 def run_migrations_online() -> None:
-    connectable = create_engine(SYNC_DATABASE_URL, poolclass=pool.NullPool)
+    connectable = create_engine(SYNC_DATABASE_URL, poolclass=pool.NullPool, connect_args=connect_args)
     with connectable.connect() as connection:
         context.configure(
             connection=connection,

7project/backend/alembic/versions/2025_10_09_1456-63e072f09836_add_categories.py

@@ -1,8 +1,8 @@
-"""Init migration
+"""add categories
 
-Revision ID: 81f275275556
+Revision ID: 63e072f09836
 Revises: 
-Create Date: 2025-09-24 17:39:25.346690
+Create Date: 2025-10-09 14:56:14.653249
 
 """
 from typing import Sequence, Union
@@ -13,7 +13,7 @@ import sqlalchemy as sa
 
 
 # revision identifiers, used by Alembic.
-revision: str = '81f275275556'
+revision: str = '63e072f09836'
 down_revision: Union[str, Sequence[str], None] = None
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
@@ -22,12 +22,6 @@ depends_on: Union[str, Sequence[str], None] = None
 def upgrade() -> None:
     """Upgrade schema."""
     # ### commands auto generated by Alembic - please adjust! ###
-    op.create_table('transaction',
-    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
-    sa.Column('amount', sa.Float(), nullable=False),
-    sa.Column('description', sa.String(length=255), nullable=True),
-    sa.PrimaryKeyConstraint('id')
-    )
     op.create_table('user',
     sa.Column('first_name', sa.String(length=100), nullable=True),
     sa.Column('last_name', sa.String(length=100), nullable=True),
@@ -40,13 +34,38 @@ def upgrade() -> None:
     sa.PrimaryKeyConstraint('id')
     )
     op.create_index(op.f('ix_user_email'), 'user', ['email'], unique=True)
+    op.create_table('categories',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('name', sa.String(length=100), nullable=False),
+    sa.Column('description', sa.String(length=255), nullable=True),
+    sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('name')
+    )
+    op.create_table('transaction',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('amount', sa.Float(), nullable=False),
+    sa.Column('description', sa.String(length=255), nullable=True),
+    sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_table('category_transaction',
+    sa.Column('id_category', sa.Integer(), nullable=True),
+    sa.Column('id_transaction', sa.Integer(), nullable=True),
+    sa.ForeignKeyConstraint(['id_category'], ['categories.id'], ),
+    sa.ForeignKeyConstraint(['id_transaction'], ['transaction.id'], )
+    )
     # ### end Alembic commands ###
 
 
 def downgrade() -> None:
     """Downgrade schema."""
     # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('category_transaction')
+    op.drop_table('transaction')
+    op.drop_table('categories')
     op.drop_index(op.f('ix_user_email'), table_name='user')
     op.drop_table('user')
-    op.drop_table('transaction')
     # ### end Alembic commands ###

7project/backend/alembic/versions/2025_10_09_1514-390041bd839e_update_categories_unique.py

@@ -0,0 +1,34 @@
+"""update categories unique
+
+Revision ID: 390041bd839e
+Revises: 63e072f09836
+Create Date: 2025-10-09 15:14:31.557686
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '390041bd839e'
+down_revision: Union[str, Sequence[str], None] = '63e072f09836'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('name'), table_name='categories')
+    op.create_unique_constraint('uix_name_user_id', 'categories', ['name', 'user_id'])
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint('uix_name_user_id', 'categories', type_='unique')
+    op.create_index(op.f('name'), 'categories', ['name'], unique=True)
+    # ### end Alembic commands ###

7project/backend/alembic/versions/2025_10_10_1405-7af8f296d089_add_user_oauth.py

@@ -0,0 +1,48 @@
+"""add user oauth
+
+Revision ID: 7af8f296d089
+Revises: 390041bd839e
+Create Date: 2025-10-10 14:05:00.153376
+
+"""
+from typing import Sequence, Union
+
+import fastapi_users_db_sqlalchemy
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '7af8f296d089'
+down_revision: Union[str, Sequence[str], None] = '390041bd839e'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('oauth_account',
+    sa.Column('id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.Column('user_id', fastapi_users_db_sqlalchemy.generics.GUID(), nullable=False),
+    sa.Column('oauth_name', sa.String(length=100), nullable=False),
+    sa.Column('access_token', sa.String(length=1024), nullable=False),
+    sa.Column('expires_at', sa.Integer(), nullable=True),
+    sa.Column('refresh_token', sa.String(length=1024), nullable=True),
+    sa.Column('account_id', sa.String(length=320), nullable=False),
+    sa.Column('account_email', sa.String(length=320), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ondelete='cascade'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_oauth_account_account_id'), 'oauth_account', ['account_id'], unique=False)
+    op.create_index(op.f('ix_oauth_account_oauth_name'), 'oauth_account', ['oauth_name'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_oauth_account_oauth_name'), table_name='oauth_account')
+    op.drop_index(op.f('ix_oauth_account_account_id'), table_name='oauth_account')
+    op.drop_table('oauth_account')
+    # ### end Alembic commands ###

7project/backend/alembic/versions/2025_10_11_2107-5ab2e654c96e_change_token_lenght.py

@@ -0,0 +1,38 @@
+"""change token length
+
+Revision ID: 5ab2e654c96e
+Revises: 7af8f296d089
+Create Date: 2025-10-11 21:07:41.930470
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+# revision identifiers, used by Alembic.
+revision: str = '5ab2e654c96e'
+down_revision: Union[str, Sequence[str], None] = '7af8f296d089'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('oauth_account', 'access_token',
+               existing_type=mysql.VARCHAR(length=1024),
+               type_=sa.String(length=4096),
+               existing_nullable=False)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('oauth_account', 'access_token',
+               existing_type=sa.String(length=4096),
+               type_=mysql.VARCHAR(length=1024),
+               existing_nullable=False)
+    # ### end Alembic commands ###

7project/backend/app/api/auth.py

@@ -0,0 +1,31 @@
+from fastapi import APIRouter
+
+from app.schemas.user import UserCreate, UserRead, UserUpdate
+from app.services.user_service import auth_backend, fastapi_users
+
+router = APIRouter()
+
+# Keep existing paths as-is under /auth/* and /users/*
+router.include_router(
+    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
+)
+router.include_router(
+    fastapi_users.get_register_router(UserRead, UserCreate),
+    prefix="/auth",
+    tags=["auth"],
+)
+router.include_router(
+    fastapi_users.get_reset_password_router(),
+    prefix="/auth",
+    tags=["auth"],
+)
+router.include_router(
+    fastapi_users.get_verify_router(UserRead),
+    prefix="/auth",
+    tags=["auth"],
+)
+router.include_router(
+    fastapi_users.get_users_router(UserRead, UserUpdate),
+    prefix="/users",
+    tags=["users"],
+)

7project/backend/app/api/categories.py

@@ -0,0 +1,77 @@
+from typing import List
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy import select, delete
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.models.categories import Category
+from app.schemas.category import CategoryCreate, CategoryRead
+from app.services.db import get_async_session
+from app.services.user_service import current_active_user
+from app.models.user import User
+
+router = APIRouter(prefix="/categories", tags=["categories"])
+
+
+@router.post("/create", response_model=CategoryRead, status_code=status.HTTP_201_CREATED)
+async def create_category(
+    payload: CategoryCreate,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    # Enforce per-user unique name via query to provide 409 feedback
+    res = await session.execute(
+        select(Category).where(Category.user_id == user.id, Category.name == payload.name)
+    )
+    existing = res.scalar_one_or_none()
+    if existing:
+        raise HTTPException(status_code=409, detail="Category with this name already exists")
+
+    category = Category(name=payload.name, description=payload.description, user_id=user.id)
+    session.add(category)
+    await session.commit()
+    await session.refresh(category)
+    return category
+
+
+@router.get("/", response_model=List[CategoryRead])
+async def list_categories(
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(select(Category).where(Category.user_id == user.id))
+    return list(res.scalars())
+
+
+@router.get("/{category_id}", response_model=CategoryRead)
+async def get_category(
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    category = res.scalar_one_or_none()
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    return category
+
+
+@router.delete("/{category_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_category(
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Category.id).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    if res.scalar_one_or_none() is None:
+        raise HTTPException(status_code=404, detail="Category not found")
+
+    await session.execute(
+        delete(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    await session.commit()
+    return None

7project/backend/app/api/transactions.py

@@ -0,0 +1,219 @@
+from typing import List, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.models.transaction import Transaction
+from app.models.categories import Category
+from app.schemas.transaction import (
+    TransactionCreate,
+    TransactionRead,
+    TransactionUpdate,
+)
+from app.services.db import get_async_session
+from app.services.user_service import current_active_user
+from app.models.user import User
+
+router = APIRouter(prefix="/transactions", tags=["transactions"])
+
+
+def _to_read_model(tx: Transaction) -> TransactionRead:
+    return TransactionRead(
+        id=tx.id,
+        amount=tx.amount,
+        description=tx.description,
+        category_ids=[c.id for c in (tx.categories or [])],
+    )
+
+
+@router.post("/create", response_model=TransactionRead, status_code=status.HTTP_201_CREATED)
+async def create_transaction(
+    payload: TransactionCreate,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    tx = Transaction(amount=payload.amount, description=payload.description, user_id=user.id)
+
+    # Attach categories if provided (and owned by user)
+    if payload.category_ids:
+        res = await session.execute(
+            select(Category).where(
+                Category.user_id == user.id, Category.id.in_(payload.category_ids)
+            )
+        )
+        categories = list(res.scalars())
+        if len(categories) != len(set(payload.category_ids)):
+            raise HTTPException(
+                status_code=400,
+                detail="Duplicate category IDs provided or one or more categories not found"
+            )
+        tx.categories = categories
+
+    session.add(tx)
+    await session.commit()
+    await session.refresh(tx)
+    # Ensure categories are loaded
+    await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.get("/", response_model=List[TransactionRead])
+async def list_transactions(
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(Transaction.user_id == user.id).order_by(Transaction.id)
+    )
+    txs = list(res.scalars())
+    # Eagerly load categories for each transaction
+    for tx in txs:
+        await session.refresh(tx, attribute_names=["categories"])
+    return [_to_read_model(tx) for tx in txs]
+
+
+@router.get("/{transaction_id}", response_model=TransactionRead)
+async def get_transaction(
+    transaction_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.patch("/{transaction_id}/edit", response_model=TransactionRead)
+async def update_transaction(
+    transaction_id: int,
+    payload: TransactionUpdate,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    if payload.amount is not None:
+        tx.amount = payload.amount
+    if payload.description is not None:
+        tx.description = payload.description
+
+    if payload.category_ids is not None:
+        # Preload categories to avoid async lazy-load during assignment
+        await session.refresh(tx, attribute_names=["categories"])
+        if payload.category_ids:
+            # Check for duplicate category IDs in the payload
+            if len(payload.category_ids) != len(set(payload.category_ids)):
+                raise HTTPException(status_code=400, detail="Duplicate category IDs in payload")
+            res = await session.execute(
+                select(Category).where(
+                    Category.user_id == user.id, Category.id.in_(payload.category_ids)
+                )
+            )
+            categories = list(res.scalars())
+            if len(categories) != len(payload.category_ids):
+                raise HTTPException(status_code=400, detail="One or more categories not found")
+            tx.categories = categories
+        else:
+            tx.categories = []
+
+    await session.commit()
+    await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.delete("/{transaction_id}/delete", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_transaction(
+    transaction_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx = res.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    await session.delete(tx)
+    await session.commit()
+    return None
+
+
+@router.post("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
+async def assign_category(
+    transaction_id: int,
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    # Load transaction and category ensuring ownership
+    res_tx = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res_tx.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    res_cat = await session.execute(
+        select(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    cat: Optional[Category] = res_cat.scalar_one_or_none()
+    if not cat:
+        raise HTTPException(status_code=404, detail="Category not found")
+
+    await session.refresh(tx, attribute_names=["categories"])
+    if cat not in tx.categories:
+        tx.categories.append(cat)
+        await session.commit()
+        await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)
+
+
+@router.delete("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
+async def unassign_category(
+    transaction_id: int,
+    category_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    res_tx = await session.execute(
+        select(Transaction).where(
+            Transaction.id == transaction_id, Transaction.user_id == user.id
+        )
+    )
+    tx: Optional[Transaction] = res_tx.scalar_one_or_none()
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    res_cat = await session.execute(
+        select(Category).where(Category.id == category_id, Category.user_id == user.id)
+    )
+    cat: Optional[Category] = res_cat.scalar_one_or_none()
+    if not cat:
+        raise HTTPException(status_code=404, detail="Category not found")
+
+    await session.refresh(tx, attribute_names=["categories"])
+    if cat in tx.categories:
+        tx.categories.remove(cat)
+        await session.commit()
+        await session.refresh(tx, attribute_names=["categories"])
+    return _to_read_model(tx)

7project/backend/app/app.py

@@ -0,0 +1,61 @@
+from fastapi import Depends, FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+
+from app.models.user import User
+
+from app.services.user_service import current_active_verified_user
+from app.api.auth import router as auth_router
+from app.api.categories import router as categories_router
+from app.api.transactions import router as transactions_router
+from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider
+
+fastApi = FastAPI()
+
+# CORS for frontend dev server
+fastApi.add_middleware(
+    CORSMiddleware,
+    allow_origins=[
+        "http://localhost:5173",
+        "http://127.0.0.1:5173",
+    ],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+fastApi.include_router(auth_router)
+fastApi.include_router(categories_router)
+fastApi.include_router(transactions_router)
+
+fastApi.include_router(
+    fastapi_users.get_oauth_router(
+        get_oauth_provider("MojeID"),
+        auth_backend,
+        "SECRET",
+        associate_by_email=True,
+    ),
+    prefix="/auth/mojeid",
+    tags=["auth"],
+)
+
+fastApi.include_router(
+    fastapi_users.get_oauth_router(
+        get_oauth_provider("BankID"),
+        auth_backend,
+        "SECRET",
+        associate_by_email=True,
+    ),
+    prefix="/auth/bankid",
+    tags=["auth"],
+)
+
+
+# Liveness/root endpoint
+@fastApi.get("/", include_in_schema=False)
+async def root():
+    return {"status": "ok"}
+
+
+@fastApi.get("/authenticated-route")
+async def authenticated_route(user: User = Depends(current_active_verified_user)):
+    return {"message": f"Hello {user.email}!"}

7project/backend/app/core/db.py

@@ -17,6 +17,7 @@ if not DATABASE_URL:
 # Load all models to register them
 from app.models.user import User
 from app.models.transaction import Transaction
+from app.models.categories import Category
 
 ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost"
 connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}

7project/backend/app/models/categories.py

@@ -0,0 +1,25 @@
+from fastapi_users_db_sqlalchemy import GUID
+from sqlalchemy import Column, Integer, String, ForeignKey, Table, UniqueConstraint
+from sqlalchemy.orm import relationship
+
+from app.core.base import Base
+
+association_table = Table(
+    "category_transaction",
+    Base.metadata,
+    Column("id_category", Integer, ForeignKey("categories.id")),
+    Column("id_transaction", Integer, ForeignKey("transaction.id"))
+)
+
+
+class Category(Base):
+    __tablename__ = "categories"
+    __table_args__ = (
+        UniqueConstraint("name", "user_id", name="uix_name_user_id"),
+    )
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    name = Column(String(length=100), nullable=False)
+    description = Column(String(length=255), nullable=True)
+    user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
+    user = relationship("User", back_populates="categories")
+    transactions = relationship("Transaction", secondary=association_table, back_populates="categories")

7project/backend/app/models/transaction.py

@@ -0,0 +1,17 @@
+from fastapi_users_db_sqlalchemy import GUID
+from sqlalchemy import Column, Integer, String, Float, ForeignKey
+from sqlalchemy.orm import relationship
+from app.core.base import Base
+from app.models.categories import association_table
+
+
+class Transaction(Base):
+    __tablename__ = "transaction"
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    amount = Column(Float, nullable=False)
+    description = Column(String(length=255), nullable=True)
+    user_id = Column(GUID, ForeignKey("user.id"), nullable=False)
+
+    # Relationship
+    user = relationship("User", back_populates="transactions")
+    categories = relationship("Category", secondary=association_table, back_populates="transactions")

7project/backend/app/models/user.py

@@ -0,0 +1,19 @@
+from sqlalchemy import Column, String
+from sqlalchemy.orm import relationship, mapped_column, Mapped
+from fastapi_users.db import SQLAlchemyBaseUserTableUUID, SQLAlchemyBaseOAuthAccountTableUUID
+from app.core.base import Base
+
+
+class OAuthAccount(SQLAlchemyBaseOAuthAccountTableUUID, Base):
+    # BankID token is longer than default
+    access_token: Mapped[str] = mapped_column(String(length=4096), nullable=False)
+
+
+class User(SQLAlchemyBaseUserTableUUID, Base):
+    first_name = Column(String(length=100), nullable=True)
+    last_name = Column(String(length=100), nullable=True)
+    oauth_accounts = relationship("OAuthAccount", lazy="joined")
+
+    # Relationship
+    transactions = relationship("Transaction", back_populates="user")
+    categories = relationship("Category", back_populates="user")

7project/backend/app/oauth/bank_id.py

@@ -0,0 +1,50 @@
+import secrets
+from typing import Optional, Literal
+
+from httpx_oauth.oauth2 import T
+
+from app.oauth.custom_openid import CustomOpenID
+
+
+class BankID(CustomOpenID):
+    def __init__(self, client_id: str, client_secret: str):
+        super().__init__(
+            client_id,
+            client_secret,
+            "https://oidc.sandbox.bankid.cz/.well-known/openid-configuration",
+            "BankID",
+            base_scopes=["openid", "profile.email", "profile.name"],
+        )
+
+    async def get_user_info(self, token: str) -> dict:
+        info = await self.get_profile(token)
+
+        return {
+            "first_name": info.get("given_name"),
+            "last_name": info.get("family_name"),
+        }
+
+    async def get_authorization_url(
+            self,
+            redirect_uri: str,
+            state: Optional[str] = None,
+            scope: Optional[list[str]] = None,
+            code_challenge: Optional[str] = None,
+            code_challenge_method: Optional[Literal["plain", "S256"]] = None,
+            extras_params: Optional[T] = None,
+    ) -> str:
+        if extras_params is None:
+            extras_params = {}
+
+        # BankID requires random nonce parameter for security
+        # https://developer.bankid.cz/docs/security_sep
+        extras_params["nonce"] = secrets.token_urlsafe()
+
+        return await super().get_authorization_url(
+            redirect_uri,
+            state,
+            scope,
+            code_challenge,
+            code_challenge_method,
+            extras_params,
+        )

7project/backend/app/oauth/custom_openid.py

@@ -0,0 +1,6 @@
+from httpx_oauth.clients.openid import OpenID
+
+
+class CustomOpenID(OpenID):
+    async def get_user_info(self, token: str) -> dict:
+        raise NotImplementedError()

7project/backend/app/oauth/moje_id.py

@@ -0,0 +1,56 @@
+import json
+from typing import Optional, Literal, Any
+
+from httpx_oauth.oauth2 import T
+
+from app.oauth.custom_openid import CustomOpenID
+
+
+class MojeIDOAuth(CustomOpenID):
+    def __init__(self, client_id: str, client_secret: str):
+        super().__init__(
+            client_id,
+            client_secret,
+            "https://mojeid.regtest.nic.cz/.well-known/openid-configuration/",
+            "MojeID",
+            base_scopes=["openid", "email", "profile"],
+        )
+
+    async def get_user_info(self, token: str) -> Optional[Any]:
+        info = await self.get_profile(token)
+
+        return {
+            "first_name": info.get("given_name"),
+            "last_name": info.get("family_name"),
+        }
+
+    async def get_authorization_url(
+            self,
+            redirect_uri: str,
+            state: Optional[str] = None,
+            scope: Optional[list[str]] = None,
+            code_challenge: Optional[str] = None,
+            code_challenge_method: Optional[Literal["plain", "S256"]] = None,
+            extras_params: Optional[T] = None,
+    ) -> str:
+        required_fields = {
+            'id_token': {
+                'name': {'essential': True},
+                'given_name': {'essential': True},
+                'family_name': {'essential': True},
+                'email': {'essential': True},
+                'mojeid_valid': {'essential': True},
+            }}
+
+        if extras_params is None:
+            extras_params = {}
+        extras_params["claims"] = json.dumps(required_fields)
+
+        return await super().get_authorization_url(
+            redirect_uri,
+            state,
+            scope,
+            code_challenge,
+            code_challenge_method,
+            extras_params,
+        )

7project/backend/app/schemas/category.py

@@ -0,0 +1,16 @@
+from typing import Optional
+from pydantic import BaseModel, ConfigDict
+
+
+class CategoryBase(BaseModel):
+    name: str
+    description: Optional[str] = None
+
+
+class CategoryCreate(CategoryBase):
+    pass
+
+
+class CategoryRead(CategoryBase):
+    id: int
+    model_config = ConfigDict(from_attributes=True)

7project/backend/app/schemas/transaction.py

@@ -0,0 +1,21 @@
+from typing import List, Optional
+from pydantic import BaseModel, Field, ConfigDict
+
+
+class TransactionBase(BaseModel):
+    amount: float = Field(..., gt=-1e18, lt=1e18)
+    description: Optional[str] = None
+
+class TransactionCreate(TransactionBase):
+    category_ids: Optional[List[int]] = None
+
+class TransactionUpdate(BaseModel):
+    amount: Optional[float] = Field(None, gt=-1e18, lt=1e18)
+    description: Optional[str] = None
+    category_ids: Optional[List[int]] = None
+
+class TransactionRead(TransactionBase):
+    id: int
+    category_ids: List[int] = []
+
+    model_config = ConfigDict(from_attributes=True)

7project/backend/app/schemas/user.py

@@ -4,13 +4,13 @@ from fastapi_users import schemas
 
 class UserRead(schemas.BaseUser[uuid.UUID]):
     first_name: Optional[str] = None
-    surname: Optional[str] = None
+    last_name: Optional[str] = None
 
 class UserCreate(schemas.BaseUserCreate):
     first_name: Optional[str] = None
-    surname: Optional[str] = None
+    last_name: Optional[str] = None
 
 class UserUpdate(schemas.BaseUserUpdate):
     first_name: Optional[str] = None
-    surname: Optional[str] = None
+    last_name: Optional[str] = None
 

7project/backend/app/services/db.py

@@ -4,11 +4,13 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from fastapi_users.db import SQLAlchemyUserDatabase
 
 from ..core.db import async_session_maker
-from ..models.user import User
+from ..models.user import User, OAuthAccount
+
 
 async def get_async_session() -> AsyncGenerator[AsyncSession, None]:
     async with async_session_maker() as session:
         yield session
 
+
 async def get_user_db(session: AsyncSession = Depends(get_async_session)):
-    yield SQLAlchemyUserDatabase(session, User)
+    yield SQLAlchemyUserDatabase(session, User, OAuthAccount)

7project/backend/app/services/user_service.py

@@ -3,26 +3,66 @@ import uuid
 from typing import Optional
 
 from fastapi import Depends, Request
-from fastapi_users import BaseUserManager, FastAPIUsers, UUIDIDMixin
+from fastapi_users import BaseUserManager, FastAPIUsers, UUIDIDMixin, models
 from fastapi_users.authentication import (
     AuthenticationBackend,
     BearerTransport,
 )
 from fastapi_users.authentication.strategy.jwt import JWTStrategy
 from fastapi_users.db import SQLAlchemyUserDatabase
+from httpx_oauth.oauth2 import BaseOAuth2
 
 from app.models.user import User
+from app.oauth.bank_id import BankID
+from app.oauth.custom_openid import CustomOpenID
+from app.oauth.moje_id import MojeIDOAuth
 from app.services.db import get_user_db
 from app.core.queue import enqueue_email
 
 SECRET = os.getenv("SECRET", "CHANGE_ME_SECRET")
+
 FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:5173")
 BACKEND_URL = os.getenv("BACKEND_URL", "http://localhost:8000")
 
+providers = {
+    "MojeID": MojeIDOAuth(
+        os.getenv("MOJEID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
+        os.getenv("MOJEID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
+    ),
+    "BankID": BankID(
+        os.getenv("BANKID_CLIENT_ID", "CHANGE_ME_CLIENT_ID"),
+        os.getenv("BANKID_CLIENT_SECRET", "CHANGE_ME_CLIENT_SECRET"),
+    )
+}
+
+
+def get_oauth_provider(name: str) -> Optional[BaseOAuth2]:
+    if name not in providers:
+        return None
+    return providers[name]
+
+
 class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
     reset_password_token_secret = SECRET
     verification_token_secret = SECRET
 
+    async def oauth_callback(self: "BaseUserManager[models.UOAP, models.ID]", oauth_name: str, access_token: str,
+                             account_id: str, account_email: str, expires_at: Optional[int] = None,
+                             refresh_token: Optional[str] = None, request: Optional[Request] = None, *,
+                             associate_by_email: bool = False, is_verified_by_default: bool = False) -> models.UOAP:
+
+        user = await super().oauth_callback(oauth_name, access_token, account_id, account_email, expires_at,
+                                            refresh_token, request, associate_by_email=associate_by_email,
+                                            is_verified_by_default=is_verified_by_default)
+
+        # set additional user info from the OAuth provider
+        provider = get_oauth_provider(oauth_name)
+        if provider is not None and isinstance(provider, CustomOpenID):
+            update_dict = await provider.get_user_info(access_token)
+            await self.user_db.update(user, update_dict)
+
+        return user
+
     async def on_after_register(self, user: User, request: Optional[Request] = None):
         await self.request_verify(user, request)
 
@@ -52,14 +92,18 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
             print("[Email Fallback] Subject:", subject)
             print("[Email Fallback] Body:\n", body)
 
+
 async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)):
     yield UserManager(user_db)
 
+
 bearer_transport = BearerTransport(tokenUrl="auth/jwt/login")
 
+
 def get_jwt_strategy() -> JWTStrategy:
     return JWTStrategy(secret=SECRET, lifetime_seconds=3600)
 
+
 auth_backend = AuthenticationBackend(
     name="jwt",
     transport=bearer_transport,
@@ -70,4 +114,3 @@ fastapi_users = FastAPIUsers[User, uuid.UUID](get_user_manager, [auth_backend])
 
 current_active_user = fastapi_users.current_user(active=True)
 current_active_verified_user = fastapi_users.current_user(active=True, verified=True)
-

7project/backend/requirements.txt

@@ -11,6 +11,7 @@ asyncmy==0.2.9
 bcrypt==4.3.0
 billiard==4.2.2
 celery==5.5.3
+certifi==2025.10.5
 cffi==2.0.0
 click==8.1.8
 click-didyoumean==0.3.1
@@ -25,7 +26,10 @@ fastapi-users==14.0.1
 fastapi-users-db-sqlalchemy==7.0.0
 greenlet==3.2.4
 h11==0.16.0
+httpcore==1.0.9
 httptools==0.6.4
+httpx==0.28.1
+httpx-oauth==0.16.1
 idna==3.10
 kombu==5.5.4
 makefun==1.16.0

7project/charts/myapp-chart/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: myapp-chart
+version: 0.1.0
+description: Helm chart for my app with MariaDB Database CR
+appVersion: "1.0.0"
+type: application

7project/charts/myapp-chart/templates/app-deployment.yaml

@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.app.name }}
+spec:
+  replicas: {{ .Values.app.replicas }}
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: {{ .Values.app.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.app.name }}
+    spec:
+      containers:
+        - name: {{ .Values.app.name }}
+          image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - containerPort: {{ .Values.app.port }}
+          env:
+            - name: MARIADB_HOST
+              value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local"
+            - name: MARIADB_PORT
+              value: '3306'
+            - name: MARIADB_DB
+              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
+            - name: MARIADB_USER
+              value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
+            - name: MARIADB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
+                  key: password
+            - name: RABBITMQ_USERNAME
+              value: {{ .Values.rabbitmq.username | quote }}
+            - name: RABBITMQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
+                  key: password
+            - name: RABBITMQ_HOST
+              value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
+            - name: RABBITMQ_PORT
+              value: {{ .Values.rabbitmq.port | quote }}
+            - name: RABBITMQ_VHOST
+              value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
+            - name: MAIL_QUEUE
+              value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
+            - name: MOJEID_CLIENT_ID
+              value: {{ .Values.oauth.mojeid.clientId | quote }}
+            - name: MOJEID_CLIENT_SECRET
+              value: {{ .Values.oauth.mojeid.clientSecret | quote }}
+            - name: BANKID_CLIENT_ID
+              value: {{ .Values.oauth.bankid.clientId | quote }}
+            - name: BANKID_CLIENT_SECRET
+              value: {{ .Values.oauth.bankid.clientSecret | quote }}
+            - name: DOMAIN
+              value: {{ required "Set .Values.domain" .Values.domain | quote }}
+            - name: DOMAIN_SCHEME
+              value: {{ required "Set .Values.domain_scheme" .Values.domain_scheme | quote }}
+            - name: FRONTEND_DOMAIN
+              value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }}
+            - name: FRONTEND_DOMAIN_SCHEME
+              value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.app.port }}
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.app.port }}
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            failureThreshold: 3

7project/charts/myapp-chart/templates/database-grant.yaml

@@ -0,0 +1,18 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: grant
+spec:
+  mariaDbRef:
+    name: {{ .Values.mariadb.mariaDbRef.name }}
+    namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
+  privileges:
+    - "ALL PRIVILEGES"
+  database: {{ required "Set .Values.deployment" .Values.deployment | quote }}
+  table: "*"
+  username: {{ required "Set .Values.deployment" .Values.deployment | quote }}
+  grantOption: true
+  host: "%"
+  cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
+  requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
+  retryInterval: {{ .Values.mariadb.retryInterval | quote }}

7project/charts/myapp-chart/templates/database-secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
+type: kubernetes.io/basic-auth
+stringData:
+  password: {{ required "Set .Values.database.password" .Values.database.password | quote }}

7project/charts/myapp-chart/templates/database-user.yaml

@@ -0,0 +1,16 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: {{ required "Set .Values.deployment" .Values.deployment }}
+spec:
+  mariaDbRef:
+    name: {{ .Values.mariadb.mariaDbRef.name }}
+    namespace: {{ .Values.mariadb.mariaDbRef.namespace }}
+  passwordSecretKeyRef:
+    name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
+    key: password
+  maxUserConnections: 20
+  host: "%"
+  cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
+  requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
+  retryInterval: {{ .Values.mariadb.retryInterval | quote }}

7project/charts/myapp-chart/templates/database.yaml

@@ -0,0 +1,14 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: {{ required "Set .Values.deployment" .Values.deployment }}
+spec:
+  mariaDbRef:
+    name: {{ .Values.mariadb.mariaDbRef.name | required "Values mariadb.mariaDbRef.name is required" }}
+    namespace: {{ .Values.mariadb.mariaDbRef.namespace | default .Release.Namespace }}
+  characterSet: utf8
+  collate: utf8_general_ci
+  cleanupPolicy: {{ .Values.mariadb.cleanupPolicy }}
+  requeueInterval: {{ .Values.mariadb.requeueInterval | quote }}
+  retryInterval: {{ .Values.mariadb.retryInterval | quote }}
+

7project/charts/myapp-chart/templates/rabbitmq-cluster.yaml

@@ -0,0 +1,10 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+  name: "rabbitmq-cluster"
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.rabbitmq.replicas | default 1 }}
+  persistence:
+    storage: {{ .Values.rabbitmq.storage | default "1Gi" }}
+  resources: {}

7project/charts/myapp-chart/templates/rabbitmq-permission.yaml

@@ -0,0 +1,15 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+  name: {{ printf "%s-permission" (.Values.rabbitmq.username | default "demo-app") }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  rabbitmqClusterReference:
+    name: rabbitmq-cluster
+    namespace: {{ .Release.Namespace }}
+  vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
+  user: {{ .Values.rabbitmq.username | default "demo-app" }}
+  permissions:
+    configure: ".*"
+    read: ".*"
+    write: ".*"

7project/charts/myapp-chart/templates/rabbitmq-queue.yaml

@@ -0,0 +1,12 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: Queue
+metadata:
+  name: {{ .Values.worker.mailQueueName | replace "_" "-" | lower }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  rabbitmqClusterReference:
+    name: rabbitmq-cluster
+    namespace: {{ .Release.Namespace }}
+  name: {{ .Values.worker.mailQueueName }}
+  vhost: {{ .Values.rabbitmq.vhost | default "/" | quote }}
+  durable: true

7project/charts/myapp-chart/templates/rabbitmq-user-secret.yaml

@@ -0,0 +1,10 @@
+{{- if .Values.rabbitmq.password }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
+  namespace: {{ .Release.Namespace }}
+stringData:
+  password: {{ .Values.rabbitmq.password | quote }}
+  username: {{ .Values.rabbitmq.username | quote }}
+{{- end }}

7project/charts/myapp-chart/templates/rabbitmq-user.yaml

@@ -0,0 +1,13 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+  name: {{ .Values.rabbitmq.username | default "demo-app" }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  rabbitmqClusterReference:
+    name: rabbitmq-cluster
+    namespace: {{ .Release.Namespace }}
+  tags:
+    - management
+  importCredentialsSecret:
+    name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}

7project/charts/myapp-chart/templates/service.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.app.name }}
+spec:
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.app.port }}
+  selector:
+    app: {{ .Values.app.name }}

7project/charts/myapp-chart/templates/tunnel.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.cfargotunnel.com/v1alpha1
+kind: TunnelBinding
+metadata:
+  name: guestbook-tunnel-binding
+  namespace: {{ .Release.Namespace }}
+subjects:
+  - name: app-server
+    spec:
+      target: {{ printf "http://%s.%s.svc.cluster.local" .Values.app.name .Release.Namespace | quote }}
+      fqdn: {{ required "Set .Values.domain via --set domain=example.com" .Values.domain | quote }}
+      noTlsVerify: true
+tunnelRef:
+  kind: ClusterTunnel
+  name: cluster-tunnel

7project/charts/myapp-chart/templates/worker-deployment.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ printf "%s-worker" .Values.app.name }}
+spec:
+  replicas: {{ .Values.worker.replicas }}
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: {{ printf "%s-worker" .Values.app.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ printf "%s-worker" .Values.app.name }}
+    spec:
+      containers:
+        - name: {{ printf "%s-worker" .Values.app.name }}
+          image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+          command:
+            - celery
+            - -A
+            - app.celery_app
+            - worker
+            - -Q
+            - $(MAIL_QUEUE)
+            - --loglevel
+            - INFO
+          env:
+            - name: RABBITMQ_USERNAME
+              value: {{ .Values.rabbitmq.username | quote }}
+            - name: RABBITMQ_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
+                  key: password
+            - name: RABBITMQ_HOST
+              value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
+            - name: RABBITMQ_PORT
+              value: {{ .Values.rabbitmq.port | quote }}
+            - name: RABBITMQ_VHOST
+              value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
+            - name: MAIL_QUEUE
+              value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}

7project/charts/myapp-chart/values-dev.yaml

@@ -0,0 +1,5 @@
+env: dev
+
+mariadb:
+  cleanupPolicy: Delete
+

7project/charts/myapp-chart/values-prod.yaml

@@ -0,0 +1,7 @@
+env: prod
+
+app:
+  replicas: 3
+
+worker:
+  replicas: 3

7project/charts/myapp-chart/values.yaml

@@ -0,0 +1,72 @@
+# Base values shared across environments
+env: dev
+
+# Optional PR number used to suffix DB name, set via --set prNumber=123 in CI
+prNumber: ""
+
+# Optional deployment identifier used to suffix resource names (db, user, secret)
+# Example: --set deployment=alice or --set deployment=feature123
+deployment: ""
+
+# Public domain to expose the app under (used by TunnelBinding fqdn)
+# Set at install time: --set domain=example.com
+domain: ""
+domain_scheme: ""
+
+frontend_domain: ""
+frontend_domain_scheme: ""
+
+image:
+  repository: lukastrkan/cc-app-demo
+  # You can use a tag or digest. If digest is provided, it takes precedence.
+  digest: ""
+  pullPolicy: IfNotPresent
+
+app:
+  name: "finance-tracker"
+  replicas: 1
+  port: 8000
+
+worker:
+  name: app-demo-worker
+  replicas: 1
+  # Queue name for Celery worker and for CRD Queue
+  mailQueueName: "mail_queue"
+
+
+service:
+  port: 80
+
+oauth:
+  bankid:
+    clientId: ""
+    clientSecret: ""
+  mojeid:
+    clientId: ""
+    clientSecret: ""
+
+rabbitmq:
+  create: true
+  replicas: 1
+  storage: 5Gi
+  # Optional: override the generated cluster name; default is "<app.name>-rabbit[-<deployment>]"
+  clusterName: ""
+  port: "5672"
+  username: demo-app
+  password: ""
+  vhost: "/"
+
+mariadb:
+  name: app-demo-database
+  cleanupPolicy: Skip
+  requeueInterval: 10h
+  retryInterval: 30s
+  mariaDbRef:
+    name: mariadb-repl
+    namespace: mariadb-operator
+
+# Database access resources
+database:
+  userName: app-demo-user
+  secretName: app-demo-database-secret
+  password: ""

7project/checklist.md

@@ -0,0 +1,81 @@
+# Project Evaluation Checklist
+
+The group earn points by completing items from the categories below.
+You are not expected to complete all items.
+Focus on areas that align with your project goals and interests.
+
+The core deliverables are required.
+This means that you must get at least 2 points for each item in this category.
+
+| **Category**                     | **Item**                                | **Max Points** | **Points**       |
+| -------------------------------- | --------------------------------------- | -------------- | ---------------- |
+| **Core Deliverables (Required)** |                                         |                |                  |
+| Codebase & Organization          | Well-organized project structure        | 5              |                  |
+|                                  | Clean, readable code                    | 5              |                  |
+|                                  | Use planning tool (e.g., GitHub issues) | 5              |                  |
+|                                  | Proper version control usage            | 5              |                  |
+|                                  | Complete source code                    | 5              |                  |
+| Documentation                    | Comprehensive reproducibility report    | 10             |                  |
+|                                  | Updated design document                 | 5              |                  |
+|                                  | Clear build/deployment instructions     | 5              |                  |
+|                                  | Troubleshooting guide                   | 5              |                  |
+|                                  | Completed self-assessment table         | 5              |                  |
+|                                  | Hour sheets for all members             | 5              |                  |
+| Presentation Video               | Project demonstration                   | 5              |                  |
+|                                  | Code walk-through                       | 5              |                  |
+|                                  | Deployment showcase                     | 5              |                  |
+| **Technical Implementation**     |                                         |                |                  |
+| Application Functionality        | Basic functionality works               | 10             |                  |
+|                                  | Advanced features implemented           | 10             |                  |
+|                                  | Error handling & robustness             | 10             |                  |
+|                                  | User-friendly interface                 | 5              |                  |
+| Backend & Architecture           | Stateless web server                    | 5              |                  |
+|                                  | Stateful application                    | 10             |                  |
+|                                  | Database integration                    | 10             |                  |
+|                                  | API design                              | 5              |                  |
+|                                  | Microservices architecture              | 10             |                  |
+| Cloud Integration                | Basic cloud deployment                  | 10             |                  |
+|                                  | Cloud APIs usage                        | 10             |                  |
+|                                  | Serverless components                   | 10             |                  |
+|                                  | Advanced cloud services                 | 5              |                  |
+| **DevOps & Deployment**          |                                         |                |                  |
+| Containerization                 | Basic Dockerfile                        | 5              |                  |
+|                                  | Optimized Dockerfile                    | 5              |                  |
+|                                  | Docker Compose                          | 5              |                  |
+|                                  | Persistent storage                      | 5              |                  |
+| Deployment & Scaling             | Manual deployment                       | 5              |                  |
+|                                  | Automated deployment                    | 5              |                  |
+|                                  | Multiple replicas                       | 5              |                  |
+|                                  | Kubernetes deployment                   | 10             |                  |
+| **Quality Assurance**            |                                         |                |                  |
+| Testing                          | Unit tests                              | 5              |                  |
+|                                  | Integration tests                       | 5              |                  |
+|                                  | End-to-end tests                        | 5              |                  |
+|                                  | Performance testing                     | 5              |                  |
+| Monitoring & Operations          | Health checks                           | 5              |                  |
+|                                  | Logging                                 | 5              |                  |
+|                                  | Metrics/Monitoring                      | 5              |                  |
+| Security                         | HTTPS/TLS                               | 5              |                  |
+|                                  | Authentication                          | 5              |                  |
+|                                  | Authorization                           | 5              |                  |
+| **Innovation & Excellence**      |                                         |                |                  |
+| Advanced Features and            | AI/ML Integration                       | 10             |                  |
+| Technical Excellence             | Real-time features                      | 10             |                  |
+|                                  | Creative problem solving                | 10             |                  |
+|                                  | Performance optimization                | 5              |                  |
+|                                  | Exceptional user experience             | 5              |                  |
+| **Total**                        |                                         | **255**        | **[Your Total]** |
+
+## Grading Scale
+
+- **Minimum Required: 100 points**
+- **Maximum: 200+ points**
+
+| Grade | Points   |
+| ----- | -------- |
+| A     | 180-200+ |
+| B     | 160-179  |
+| C     | 140-159  |
+| D     | 120-139  |
+| E     | 100-119  |
+| F     | 0-99     |

7project/compose.yml

@@ -15,7 +15,7 @@ services:
     volumes:
       - redis_data:/data
   rabbitmq:
-    image: bitnami/rabbitmq:3.13.3-debian-12-r0
+    image: bitnamilegacy/rabbitmq:3.13.3-debian-12-r0
     network_mode: host
     ports:
       - "5672:5672"

7project/create_migration.sh

@@ -8,4 +8,8 @@ fi
 cd backend || { echo "Directory 'backend' does not exist"; exit 1; }
 alembic revision --autogenerate -m "$1"
 git add alembic/versions/*
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo -e "${YELLOW}Don't forget to check imports in the new migration file!${NC}"
 cd - || exit

7project/deployment/app-demo-deployment.yaml

@@ -14,7 +14,7 @@ spec:
         app: app-demo
     spec:
       containers:
-        - image: lukastrkan/cc-app-demo@sha256:d320eefb9dee05dc0f0ec5a2ca90daae7ca8c2af0088dc6b88eee076486c0f3b
+        - image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
           name: app-demo
           ports:
             - containerPort: 8000

7project/deployment/app-demo-worker-deployment.yaml

@@ -14,7 +14,7 @@ spec:
         app: app-demo-worker
     spec:
       containers:
-        - image: lukastrkan/cc-app-demo@sha256:d320eefb9dee05dc0f0ec5a2ca90daae7ca8c2af0088dc6b88eee076486c0f3b
+        - image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05
           name: app-demo-worker
           command:
             - celery
@@ -29,8 +29,13 @@ spec:
             - name: RABBITMQ_USERNAME
               value: demo-app
             - name: RABBITMQ_PASSWORD
-              value: StrongPassword123!
+              valueFrom:
+                secretKeyRef:
+                  name: demo-app-user-credentials
+                  key: password
             - name: RABBITMQ_HOST
               value: rabbitmq.rabbitmq.svc.cluster.local
             - name: RABBITMQ_PORT
               value: '5672'
+            - name: RABBITMQ_VHOST
+              value: "/"

7project/frontend/README.md

@@ -4,7 +4,7 @@ This template provides a minimal setup to get React working in Vite with HMR and
 
 Currently, two official plugins are available:
 
-- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) for Fast Refresh
+- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Babel](https://babeljs.io/) (or [oxc](https://oxc.rs) when used in [rolldown-vite](https://vite.dev/guide/rolldown)) for Fast Refresh
 - [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
 
 ## React Compiler

7project/frontend/package-lock.json

@@ -13,15 +13,16 @@
       },
       "devDependencies": {
         "@eslint/js": "^9.36.0",
-        "@types/react": "^19.1.13",
+        "@types/node": "^24.6.0",
+        "@types/react": "^19.1.16",
         "@types/react-dom": "^19.1.9",
-        "@vitejs/plugin-react": "^5.0.3",
+        "@vitejs/plugin-react": "^5.0.4",
         "eslint": "^9.36.0",
         "eslint-plugin-react-hooks": "^5.2.0",
-        "eslint-plugin-react-refresh": "^0.4.20",
+        "eslint-plugin-react-refresh": "^0.4.22",
         "globals": "^16.4.0",
-        "typescript": "~5.8.3",
-        "typescript-eslint": "^8.44.0",
+        "typescript": "~5.9.3",
+        "typescript-eslint": "^8.45.0",
         "vite": "^7.1.7"
       }
     },
@@ -807,19 +808,22 @@
       }
     },
     "node_modules/@eslint/config-helpers": {
-      "version": "0.3.1",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.3.1.tgz",
-      "integrity": "sha512-xR93k9WhrDYpXHORXpxVL5oHj3Era7wo6k/Wd8/IsQNnZUTzkGS29lyn3nAT05v6ltUuTFVCCYDEGfy2Or/sPA==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz",
+      "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==",
       "dev": true,
       "license": "Apache-2.0",
+      "dependencies": {
+        "@eslint/core": "^0.16.0"
+      },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
     "node_modules/@eslint/core": {
-      "version": "0.15.2",
-      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.2.tgz",
-      "integrity": "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg==",
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.16.0.tgz",
+      "integrity": "sha512-nmC8/totwobIiFcGkDza3GIKfAw1+hLiYVrh3I1nIomQ8PEr5cxg34jnkmGawul/ep52wGRAcyeDCNtWKSOj4Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -867,9 +871,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.36.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.36.0.tgz",
-      "integrity": "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw==",
+      "version": "9.37.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
+      "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -890,13 +894,13 @@
       }
     },
     "node_modules/@eslint/plugin-kit": {
-      "version": "0.3.5",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.5.tgz",
-      "integrity": "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.4.0.tgz",
+      "integrity": "sha512-sB5uyeq+dwCWyPi31B2gQlVlo+j5brPlWx4yZBrEaRo/nhdDE8Xke1gsGgtiBdaBTxuTkceLVuVt/pclrasb0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@eslint/core": "^0.15.2",
+        "@eslint/core": "^0.16.0",
         "levn": "^0.4.1"
       },
       "engines": {
@@ -1044,16 +1048,16 @@
       }
     },
     "node_modules/@rolldown/pluginutils": {
-      "version": "1.0.0-beta.35",
-      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.35.tgz",
-      "integrity": "sha512-slYrCpoxJUqzFDDNlvrOYRazQUNRvWPjXA17dAOISY3rDMxX6k8K4cj2H+hEYMHF81HO3uNd5rHVigAWRM5dSg==",
+      "version": "1.0.0-beta.38",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.38.tgz",
+      "integrity": "sha512-N/ICGKleNhA5nc9XXQG/kkKHJ7S55u0x0XUJbbkmdCnFuoRkM1Il12q9q0eX19+M7KKUEPw/daUPIRnxhcxAIw==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.2.tgz",
-      "integrity": "sha512-o3pcKzJgSGt4d74lSZ+OCnHwkKBeAbFDmbEm5gg70eA8VkyCuC/zV9TwBnmw6VjDlRdF4Pshfb+WE9E6XY1PoQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.4.tgz",
+      "integrity": "sha512-BTm2qKNnWIQ5auf4deoetINJm2JzvihvGb9R6K/ETwKLql/Bb3Eg2H1FBp1gUb4YGbydMA3jcmQTR73q7J+GAA==",
       "cpu": [
         "arm"
       ],
@@ -1065,9 +1069,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.2.tgz",
-      "integrity": "sha512-cqFSWO5tX2vhC9hJTK8WAiPIm4Q8q/cU8j2HQA0L3E1uXvBYbOZMhE2oFL8n2pKB5sOCHY6bBuHaRwG7TkfJyw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.4.tgz",
+      "integrity": "sha512-P9LDQiC5vpgGFgz7GSM6dKPCiqR3XYN1WwJKA4/BUVDjHpYsf3iBEmVz62uyq20NGYbiGPR5cNHI7T1HqxNs2w==",
       "cpu": [
         "arm64"
       ],
@@ -1079,9 +1083,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.2.tgz",
-      "integrity": "sha512-vngduywkkv8Fkh3wIZf5nFPXzWsNsVu1kvtLETWxTFf/5opZmflgVSeLgdHR56RQh71xhPhWoOkEBvbehwTlVA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.4.tgz",
+      "integrity": "sha512-QRWSW+bVccAvZF6cbNZBJwAehmvG9NwfWHwMy4GbWi/BQIA/laTIktebT2ipVjNncqE6GLPxOok5hsECgAxGZg==",
       "cpu": [
         "arm64"
       ],
@@ -1093,9 +1097,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.2.tgz",
-      "integrity": "sha512-h11KikYrUCYTrDj6h939hhMNlqU2fo/X4NB0OZcys3fya49o1hmFaczAiJWVAFgrM1NCP6RrO7lQKeVYSKBPSQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.4.tgz",
+      "integrity": "sha512-hZgP05pResAkRJxL1b+7yxCnXPGsXU0fG9Yfd6dUaoGk+FhdPKCJ5L1Sumyxn8kvw8Qi5PvQ8ulenUbRjzeCTw==",
       "cpu": [
         "x64"
       ],
@@ -1107,9 +1111,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.2.tgz",
-      "integrity": "sha512-/eg4CI61ZUkLXxMHyVlmlGrSQZ34xqWlZNW43IAU4RmdzWEx0mQJ2mN/Cx4IHLVZFL6UBGAh+/GXhgvGb+nVxw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.4.tgz",
+      "integrity": "sha512-xmc30VshuBNUd58Xk4TKAEcRZHaXlV+tCxIXELiE9sQuK3kG8ZFgSPi57UBJt8/ogfhAF5Oz4ZSUBN77weM+mQ==",
       "cpu": [
         "arm64"
       ],
@@ -1121,9 +1125,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.2.tgz",
-      "integrity": "sha512-QOWgFH5X9+p+S1NAfOqc0z8qEpJIoUHf7OWjNUGOeW18Mx22lAUOiA9b6r2/vpzLdfxi/f+VWsYjUOMCcYh0Ng==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.4.tgz",
+      "integrity": "sha512-WdSLpZFjOEqNZGmHflxyifolwAiZmDQzuOzIq9L27ButpCVpD7KzTRtEG1I0wMPFyiyUdOO+4t8GvrnBLQSwpw==",
       "cpu": [
         "x64"
       ],
@@ -1135,9 +1139,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.2.tgz",
-      "integrity": "sha512-kDWSPafToDd8LcBYd1t5jw7bD5Ojcu12S3uT372e5HKPzQt532vW+rGFFOaiR0opxePyUkHrwz8iWYEyH1IIQA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.4.tgz",
+      "integrity": "sha512-xRiOu9Of1FZ4SxVbB0iEDXc4ddIcjCv2aj03dmW8UrZIW7aIQ9jVJdLBIhxBI+MaTnGAKyvMwPwQnoOEvP7FgQ==",
       "cpu": [
         "arm"
       ],
@@ -1149,9 +1153,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.2.tgz",
-      "integrity": "sha512-gKm7Mk9wCv6/rkzwCiUC4KnevYhlf8ztBrDRT9g/u//1fZLapSRc+eDZj2Eu2wpJ+0RzUKgtNijnVIB4ZxyL+w==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.4.tgz",
+      "integrity": "sha512-FbhM2p9TJAmEIEhIgzR4soUcsW49e9veAQCziwbR+XWB2zqJ12b4i/+hel9yLiD8pLncDH4fKIPIbt5238341Q==",
       "cpu": [
         "arm"
       ],
@@ -1163,9 +1167,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.2.tgz",
-      "integrity": "sha512-66lA8vnj5mB/rtDNwPgrrKUOtCLVQypkyDa2gMfOefXK6rcZAxKLO9Fy3GkW8VkPnENv9hBkNOFfGLf6rNKGUg==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.4.tgz",
+      "integrity": "sha512-4n4gVwhPHR9q/g8lKCyz0yuaD0MvDf7dV4f9tHt0C73Mp8h38UCtSCSE6R9iBlTbXlmA8CjpsZoujhszefqueg==",
       "cpu": [
         "arm64"
       ],
@@ -1177,9 +1181,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.2.tgz",
-      "integrity": "sha512-s+OPucLNdJHvuZHuIz2WwncJ+SfWHFEmlC5nKMUgAelUeBUnlB4wt7rXWiyG4Zn07uY2Dd+SGyVa9oyLkVGOjA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.4.tgz",
+      "integrity": "sha512-u0n17nGA0nvi/11gcZKsjkLj1QIpAuPFQbR48Subo7SmZJnGxDpspyw2kbpuoQnyK+9pwf3pAoEXerJs/8Mi9g==",
       "cpu": [
         "arm64"
       ],
@@ -1191,9 +1195,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.2.tgz",
-      "integrity": "sha512-8wTRM3+gVMDLLDdaT6tKmOE3lJyRy9NpJUS/ZRWmLCmOPIJhVyXwjBo+XbrrwtV33Em1/eCTd5TuGJm4+DmYjw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.4.tgz",
+      "integrity": "sha512-0G2c2lpYtbTuXo8KEJkDkClE/+/2AFPdPAbmaHoE870foRFs4pBrDehilMcrSScrN/fB/1HTaWO4bqw+ewBzMQ==",
       "cpu": [
         "loong64"
       ],
@@ -1205,9 +1209,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.2.tgz",
-      "integrity": "sha512-6yqEfgJ1anIeuP2P/zhtfBlDpXUb80t8DpbYwXQ3bQd95JMvUaqiX+fKqYqUwZXqdJDd8xdilNtsHM2N0cFm6A==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.4.tgz",
+      "integrity": "sha512-teSACug1GyZHmPDv14VNbvZFX779UqWTsd7KtTM9JIZRDI5NUwYSIS30kzI8m06gOPB//jtpqlhmraQ68b5X2g==",
       "cpu": [
         "ppc64"
       ],
@@ -1219,9 +1223,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.2.tgz",
-      "integrity": "sha512-sshYUiYVSEI2B6dp4jMncwxbrUqRdNApF2c3bhtLAU0qA8Lrri0p0NauOsTWh3yCCCDyBOjESHMExonp7Nzc0w==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.4.tgz",
+      "integrity": "sha512-/MOEW3aHjjs1p4Pw1Xk4+3egRevx8Ji9N6HUIA1Ifh8Q+cg9dremvFCUbOX2Zebz80BwJIgCBUemjqhU5XI5Eg==",
       "cpu": [
         "riscv64"
       ],
@@ -1233,9 +1237,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.2.tgz",
-      "integrity": "sha512-duBLgd+3pqC4MMwBrKkFxaZerUxZcYApQVC5SdbF5/e/589GwVvlRUnyqMFbM8iUSb1BaoX/3fRL7hB9m2Pj8Q==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.4.tgz",
+      "integrity": "sha512-1HHmsRyh845QDpEWzOFtMCph5Ts+9+yllCrREuBR/vg2RogAQGGBRC8lDPrPOMnrdOJ+mt1WLMOC2Kao/UwcvA==",
       "cpu": [
         "riscv64"
       ],
@@ -1247,9 +1251,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.2.tgz",
-      "integrity": "sha512-tzhYJJidDUVGMgVyE+PmxENPHlvvqm1KILjjZhB8/xHYqAGeizh3GBGf9u6WdJpZrz1aCpIIHG0LgJgH9rVjHQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.4.tgz",
+      "integrity": "sha512-seoeZp4L/6D1MUyjWkOMRU6/iLmCU2EjbMTyAG4oIOs1/I82Y5lTeaxW0KBfkUdHAWN7j25bpkt0rjnOgAcQcA==",
       "cpu": [
         "s390x"
       ],
@@ -1261,9 +1265,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.2.tgz",
-      "integrity": "sha512-opH8GSUuVcCSSyHHcl5hELrmnk4waZoVpgn/4FDao9iyE4WpQhyWJ5ryl5M3ocp4qkRuHfyXnGqg8M9oKCEKRA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.4.tgz",
+      "integrity": "sha512-Wi6AXf0k0L7E2gteNsNHUs7UMwCIhsCTs6+tqQ5GPwVRWMaflqGec4Sd8n6+FNFDw9vGcReqk2KzBDhCa1DLYg==",
       "cpu": [
         "x64"
       ],
@@ -1275,9 +1279,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.2.tgz",
-      "integrity": "sha512-LSeBHnGli1pPKVJ79ZVJgeZWWZXkEe/5o8kcn23M8eMKCUANejchJbF/JqzM4RRjOJfNRhKJk8FuqL1GKjF5oQ==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.4.tgz",
+      "integrity": "sha512-dtBZYjDmCQ9hW+WgEkaffvRRCKm767wWhxsFW3Lw86VXz/uJRuD438/XvbZT//B96Vs8oTA8Q4A0AfHbrxP9zw==",
       "cpu": [
         "x64"
       ],
@@ -1289,9 +1293,9 @@
       ]
     },
     "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.2.tgz",
-      "integrity": "sha512-uPj7MQ6/s+/GOpolavm6BPo+6CbhbKYyZHUDvZ/SmJM7pfDBgdGisFX3bY/CBDMg2ZO4utfhlApkSfZ92yXw7Q==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.4.tgz",
+      "integrity": "sha512-1ox+GqgRWqaB1RnyZXL8PD6E5f7YyRUJYnCqKpNzxzP0TkaUh112NDrR9Tt+C8rJ4x5G9Mk8PQR3o7Ku2RKqKA==",
       "cpu": [
         "arm64"
       ],
@@ -1303,9 +1307,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.2.tgz",
-      "integrity": "sha512-Z9MUCrSgIaUeeHAiNkm3cQyst2UhzjPraR3gYYfOjAuZI7tcFRTOD+4cHLPoS/3qinchth+V56vtqz1Tv+6KPA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.4.tgz",
+      "integrity": "sha512-8GKr640PdFNXwzIE0IrkMWUNUomILLkfeHjXBi/nUvFlpZP+FA8BKGKpacjW6OUUHaNI6sUURxR2U2g78FOHWQ==",
       "cpu": [
         "arm64"
       ],
@@ -1317,9 +1321,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.2.tgz",
-      "integrity": "sha512-+GnYBmpjldD3XQd+HMejo+0gJGwYIOfFeoBQv32xF/RUIvccUz20/V6Otdv+57NE70D5pa8W/jVGDoGq0oON4A==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.4.tgz",
+      "integrity": "sha512-AIy/jdJ7WtJ/F6EcfOb2GjR9UweO0n43jNObQMb6oGxkYTfLcnN7vYYpG+CN3lLxrQkzWnMOoNSHTW54pgbVxw==",
       "cpu": [
         "ia32"
       ],
@@ -1331,9 +1335,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.2.tgz",
-      "integrity": "sha512-ApXFKluSB6kDQkAqZOKXBjiaqdF1BlKi+/eqnYe9Ee7U2K3pUDKsIyr8EYm/QDHTJIM+4X+lI0gJc3TTRhd+dA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.4.tgz",
+      "integrity": "sha512-UF9KfsH9yEam0UjTwAgdK0anlQ7c8/pWPU2yVjyWcF1I1thABt6WXE47cI71pGiZ8wGvxohBoLnxM04L/wj8mQ==",
       "cpu": [
         "x64"
       ],
@@ -1345,9 +1349,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.2.tgz",
-      "integrity": "sha512-ARz+Bs8kY6FtitYM96PqPEVvPXqEZmPZsSkXvyX19YzDqkCaIlhCieLLMI5hxO9SRZ2XtCtm8wxhy0iJ2jxNfw==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.4.tgz",
+      "integrity": "sha512-bf9PtUa0u8IXDVxzRToFQKsNCRz9qLYfR/MpECxl4mRoWYjAeFjgxj1XdZr2M/GNVpT05p+LgQOHopYDlUu6/w==",
       "cpu": [
         "x64"
       ],
@@ -1417,10 +1421,20 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/node": {
+      "version": "24.7.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.7.0.tgz",
+      "integrity": "sha512-IbKooQVqUBrlzWTi79E8Fw78l8k1RNtlDDNWsFZs7XonuQSJ8oNYfEeclhprUldXISRMLzBpILuKgPlIxm+/Yw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.14.0"
+      }
+    },
     "node_modules/@types/react": {
-      "version": "19.1.13",
-      "resolved": "https://registry.npmjs.org/@types/react/-/react-19.1.13.tgz",
-      "integrity": "sha512-hHkbU/eoO3EG5/MZkuFSKmYqPbSVk5byPFa3e7y/8TybHiLMACgI8seVYlicwk7H5K/rI2px9xrQp/C+AUDTiQ==",
+      "version": "19.2.0",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.0.tgz",
+      "integrity": "sha512-1LOH8xovvsKsCBq1wnT4ntDUdCJKmnEakhsuoUSy6ExlHCkGP2hqnatagYTgFk6oeL0VU31u7SNjunPN+GchtA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1428,27 +1442,27 @@
       }
     },
     "node_modules/@types/react-dom": {
-      "version": "19.1.9",
-      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-19.1.9.tgz",
-      "integrity": "sha512-qXRuZaOsAdXKFyOhRBg6Lqqc0yay13vN7KrIg4L7N4aaHN68ma9OK3NE1BoDFgFOTfM7zg+3/8+2n8rLUH3OKQ==",
+      "version": "19.2.0",
+      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-19.2.0.tgz",
+      "integrity": "sha512-brtBs0MnE9SMx7px208g39lRmC5uHZs96caOJfTjFcYSLHNamvaSMfJNagChVNkup2SdtOxKX1FDBkRSJe1ZAg==",
       "dev": true,
       "license": "MIT",
       "peerDependencies": {
-        "@types/react": "^19.0.0"
+        "@types/react": "^19.2.0"
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.44.1.tgz",
-      "integrity": "sha512-molgphGqOBT7t4YKCSkbasmu1tb1MgrZ2szGzHbclF7PNmOkSTQVHy+2jXOSnxvR3+Xe1yySHFZoqMpz3TfQsw==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.45.0.tgz",
+      "integrity": "sha512-HC3y9CVuevvWCl/oyZuI47dOeDF9ztdMEfMH8/DW/Mhwa9cCLnK1oD7JoTVGW/u7kFzNZUKUoyJEqkaJh5y3Wg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.44.1",
-        "@typescript-eslint/type-utils": "8.44.1",
-        "@typescript-eslint/utils": "8.44.1",
-        "@typescript-eslint/visitor-keys": "8.44.1",
+        "@typescript-eslint/scope-manager": "8.45.0",
+        "@typescript-eslint/type-utils": "8.45.0",
+        "@typescript-eslint/utils": "8.45.0",
+        "@typescript-eslint/visitor-keys": "8.45.0",
         "graphemer": "^1.4.0",
         "ignore": "^7.0.0",
         "natural-compare": "^1.4.0",
@@ -1462,7 +1476,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.44.1",
+        "@typescript-eslint/parser": "^8.45.0",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
@@ -1478,16 +1492,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.44.1.tgz",
-      "integrity": "sha512-EHrrEsyhOhxYt8MTg4zTF+DJMuNBzWwgvvOYNj/zm1vnaD/IC5zCXFehZv94Piqa2cRFfXrTFxIvO95L7Qc/cw==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.45.0.tgz",
+      "integrity": "sha512-TGf22kon8KW+DeKaUmOibKWktRY8b2NSAZNdtWh798COm1NWx8+xJ6iFBtk3IvLdv6+LGLJLRlyhrhEDZWargQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.44.1",
-        "@typescript-eslint/types": "8.44.1",
-        "@typescript-eslint/typescript-estree": "8.44.1",
-        "@typescript-eslint/visitor-keys": "8.44.1",
+        "@typescript-eslint/scope-manager": "8.45.0",
+        "@typescript-eslint/types": "8.45.0",
+        "@typescript-eslint/typescript-estree": "8.45.0",
+        "@typescript-eslint/visitor-keys": "8.45.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -1503,14 +1517,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.44.1.tgz",
-      "integrity": "sha512-ycSa60eGg8GWAkVsKV4E6Nz33h+HjTXbsDT4FILyL8Obk5/mx4tbvCNsLf9zret3ipSumAOG89UcCs/KRaKYrA==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.45.0.tgz",
+      "integrity": "sha512-3pcVHwMG/iA8afdGLMuTibGR7pDsn9RjDev6CCB+naRsSYs2pns5QbinF4Xqw6YC/Sj3lMrm/Im0eMfaa61WUg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.44.1",
-        "@typescript-eslint/types": "^8.44.1",
+        "@typescript-eslint/tsconfig-utils": "^8.45.0",
+        "@typescript-eslint/types": "^8.45.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -1525,14 +1539,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz",
-      "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.45.0.tgz",
+      "integrity": "sha512-clmm8XSNj/1dGvJeO6VGH7EUSeA0FMs+5au/u3lrA3KfG8iJ4u8ym9/j2tTEoacAffdW1TVUzXO30W1JTJS7dA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.44.1",
-        "@typescript-eslint/visitor-keys": "8.44.1"
+        "@typescript-eslint/types": "8.45.0",
+        "@typescript-eslint/visitor-keys": "8.45.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1543,9 +1557,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.44.1.tgz",
-      "integrity": "sha512-B5OyACouEjuIvof3o86lRMvyDsFwZm+4fBOqFHccIctYgBjqR3qT39FBYGN87khcgf0ExpdCBeGKpKRhSFTjKQ==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.45.0.tgz",
+      "integrity": "sha512-aFdr+c37sc+jqNMGhH+ajxPXwjv9UtFZk79k8pLoJ6p4y0snmYpPA52GuWHgt2ZF4gRRW6odsEj41uZLojDt5w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1560,15 +1574,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.44.1.tgz",
-      "integrity": "sha512-KdEerZqHWXsRNKjF9NYswNISnFzXfXNDfPxoTh7tqohU/PRIbwTmsjGK6V9/RTYWau7NZvfo52lgVk+sJh0K3g==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.45.0.tgz",
+      "integrity": "sha512-bpjepLlHceKgyMEPglAeULX1vixJDgaKocp0RVJ5u4wLJIMNuKtUXIczpJCPcn2waII0yuvks/5m5/h3ZQKs0A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.44.1",
-        "@typescript-eslint/typescript-estree": "8.44.1",
-        "@typescript-eslint/utils": "8.44.1",
+        "@typescript-eslint/types": "8.45.0",
+        "@typescript-eslint/typescript-estree": "8.45.0",
+        "@typescript-eslint/utils": "8.45.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^2.1.0"
       },
@@ -1585,9 +1599,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz",
-      "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.45.0.tgz",
+      "integrity": "sha512-WugXLuOIq67BMgQInIxxnsSyRLFxdkJEJu8r4ngLR56q/4Q5LrbfkFRH27vMTjxEK8Pyz7QfzuZe/G15qQnVRA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1599,16 +1613,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz",
-      "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.45.0.tgz",
+      "integrity": "sha512-GfE1NfVbLam6XQ0LcERKwdTTPlLvHvXXhOeUGC1OXi4eQBoyy1iVsW+uzJ/J9jtCz6/7GCQ9MtrQ0fml/jWCnA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.44.1",
-        "@typescript-eslint/tsconfig-utils": "8.44.1",
-        "@typescript-eslint/types": "8.44.1",
-        "@typescript-eslint/visitor-keys": "8.44.1",
+        "@typescript-eslint/project-service": "8.45.0",
+        "@typescript-eslint/tsconfig-utils": "8.45.0",
+        "@typescript-eslint/types": "8.45.0",
+        "@typescript-eslint/visitor-keys": "8.45.0",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -1667,16 +1681,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz",
-      "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.45.0.tgz",
+      "integrity": "sha512-bxi1ht+tLYg4+XV2knz/F7RVhU0k6VrSMc9sb8DQ6fyCTrGQLHfo7lDtN0QJjZjKkLA2ThrKuCdHEvLReqtIGg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.44.1",
-        "@typescript-eslint/types": "8.44.1",
-        "@typescript-eslint/typescript-estree": "8.44.1"
+        "@typescript-eslint/scope-manager": "8.45.0",
+        "@typescript-eslint/types": "8.45.0",
+        "@typescript-eslint/typescript-estree": "8.45.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1691,13 +1705,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz",
-      "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.45.0.tgz",
+      "integrity": "sha512-qsaFBA3e09MIDAGFUrTk+dzqtfv1XPVz8t8d1f0ybTzrCY7BKiMC5cjrl1O/P7UmHsNyW90EYSkU/ZWpmXelag==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/types": "8.45.0",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -1709,16 +1723,16 @@
       }
     },
     "node_modules/@vitejs/plugin-react": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-5.0.3.tgz",
-      "integrity": "sha512-PFVHhosKkofGH0Yzrw1BipSedTH68BFF8ZWy1kfUpCtJcouXXY0+racG8sExw7hw0HoX36813ga5o3LTWZ4FUg==",
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-5.0.4.tgz",
+      "integrity": "sha512-La0KD0vGkVkSk6K+piWDKRUyg8Rl5iAIKRMH0vMJI0Eg47bq1eOxmoObAaQG37WMW9MSyk7Cs8EIWwJC1PtzKA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@babel/core": "^7.28.4",
         "@babel/plugin-transform-react-jsx-self": "^7.27.1",
         "@babel/plugin-transform-react-jsx-source": "^7.27.1",
-        "@rolldown/pluginutils": "1.0.0-beta.35",
+        "@rolldown/pluginutils": "1.0.0-beta.38",
         "@types/babel__core": "^7.20.5",
         "react-refresh": "^0.17.0"
       },
@@ -1800,9 +1814,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.8.6",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.6.tgz",
-      "integrity": "sha512-wrH5NNqren/QMtKUEEJf7z86YjfqW/2uw3IL3/xpqZUC95SSVIFXYQeeGjL6FT/X68IROu6RMehZQS5foy2BXw==",
+      "version": "2.8.12",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.12.tgz",
+      "integrity": "sha512-vAPMQdnyKCBtkmQA6FMCBvU9qFIppS3nzyXnEM+Lo2IAhG4Mpjv9cCxMudhgV3YdNNJv6TNqXy97dfRVL2LmaQ==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -1834,9 +1848,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.26.2",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.2.tgz",
-      "integrity": "sha512-ECFzp6uFOSB+dcZ5BK/IBaGWssbSYBHvuMeMt3MMFyhI0Z8SqGgEkBLARgpRH3hutIgPVsALcMwbDrJqPxQ65A==",
+      "version": "4.26.3",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.3.tgz",
+      "integrity": "sha512-lAUU+02RFBuCKQPj/P6NgjlbCnLBMp4UtgTx7vNHd3XSIJF87s9a5rA3aH2yw3GS9DqZAUbOtZdCCiZeVRqt0w==",
       "dev": true,
       "funding": [
         {
@@ -1854,9 +1868,9 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "baseline-browser-mapping": "^2.8.3",
-        "caniuse-lite": "^1.0.30001741",
-        "electron-to-chromium": "^1.5.218",
+        "baseline-browser-mapping": "^2.8.9",
+        "caniuse-lite": "^1.0.30001746",
+        "electron-to-chromium": "^1.5.227",
         "node-releases": "^2.0.21",
         "update-browserslist-db": "^1.1.3"
       },
@@ -1878,9 +1892,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001743",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001743.tgz",
-      "integrity": "sha512-e6Ojr7RV14Un7dz6ASD0aZDmQPT/A+eZU+nuTNfjqmRrmkmQlnTNWH0SKmqagx9PeW87UVqapSurtAXifmtdmw==",
+      "version": "1.0.30001748",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001748.tgz",
+      "integrity": "sha512-5P5UgAr0+aBmNiplks08JLw+AW/XG/SurlgZLgB1dDLfAw7EfRGxIwzPHxdSCGY/BTKDqIVyJL87cCN6s0ZR0w==",
       "dev": true,
       "funding": [
         {
@@ -1997,9 +2011,9 @@
       "license": "MIT"
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.223",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.223.tgz",
-      "integrity": "sha512-qKm55ic6nbEmagFlTFczML33rF90aU+WtrJ9MdTCThrcvDNdUHN4p6QfVN78U06ZmguqXIyMPyYhw2TrbDUwPQ==",
+      "version": "1.5.230",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.230.tgz",
+      "integrity": "sha512-A6A6Fd3+gMdaed9wX83CvHYJb4UuapPD5X5SLq72VZJzxHSY0/LUweGXRWmQlh2ln7KV7iw7jnwXK7dlPoOnHQ==",
       "dev": true,
       "license": "ISC"
     },
@@ -2069,20 +2083,20 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.36.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.36.0.tgz",
-      "integrity": "sha512-hB4FIzXovouYzwzECDcUkJ4OcfOEkXTv2zRY6B9bkwjx/cprAq0uvm1nl7zvQ0/TsUk0zQiN4uPfJpB9m+rPMQ==",
+      "version": "9.37.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
+      "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.1",
         "@eslint/config-array": "^0.21.0",
-        "@eslint/config-helpers": "^0.3.1",
-        "@eslint/core": "^0.15.2",
+        "@eslint/config-helpers": "^0.4.0",
+        "@eslint/core": "^0.16.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.36.0",
-        "@eslint/plugin-kit": "^0.3.5",
+        "@eslint/js": "9.37.0",
+        "@eslint/plugin-kit": "^0.4.0",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@humanwhocodes/retry": "^0.4.2",
@@ -2143,9 +2157,9 @@
       }
     },
     "node_modules/eslint-plugin-react-refresh": {
-      "version": "0.4.21",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-react-refresh/-/eslint-plugin-react-refresh-0.4.21.tgz",
-      "integrity": "sha512-MWDWTtNC4voTcWDxXbdmBNe8b/TxfxRFUL6hXgKWJjN9c1AagYEmpiFWBWzDw+5H3SulWUe1pJKTnoSdmk88UA==",
+      "version": "0.4.23",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react-refresh/-/eslint-plugin-react-refresh-0.4.23.tgz",
+      "integrity": "sha512-G4j+rv0NmbIR45kni5xJOrYvCtyD3/7LjpVH8MPPcudXDcNu8gv+4ATTDXTtbRR8rTCM5HxECvCSsRmxKnWDsA==",
       "dev": true,
       "license": "MIT",
       "peerDependencies": {
@@ -2711,9 +2725,9 @@
       "license": "MIT"
     },
     "node_modules/node-releases": {
-      "version": "2.0.21",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.21.tgz",
-      "integrity": "sha512-5b0pgg78U3hwXkCM8Z9b2FJdPZlr9Psr9V2gQPESdGHqbntyFJKFW4r5TeWGFzafGY3hzs1JC62VEQMbl1JFkw==",
+      "version": "2.0.23",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.23.tgz",
+      "integrity": "sha512-cCmFDMSm26S6tQSDpBCg/NR8NENrVPhAJSf+XbxBG4rPFaaonlEoE9wHQmun+cls499TQGSb7ZyPBRlzgKfpeg==",
       "dev": true,
       "license": "MIT"
     },
@@ -2891,24 +2905,24 @@
       "license": "MIT"
     },
     "node_modules/react": {
-      "version": "19.1.1",
-      "resolved": "https://registry.npmjs.org/react/-/react-19.1.1.tgz",
-      "integrity": "sha512-w8nqGImo45dmMIfljjMwOGtbmC/mk4CMYhWIicdSflH91J9TyCyczcPFXJzrZ/ZXcgGRFeP6BU0BEJTw6tZdfQ==",
+      "version": "19.2.0",
+      "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz",
+      "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10.0"
       }
     },
     "node_modules/react-dom": {
-      "version": "19.1.1",
-      "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.1.1.tgz",
-      "integrity": "sha512-Dlq/5LAZgF0Gaz6yiqZCf6VCcZs1ghAJyrsu84Q/GT0gV+mCxbfmKNoGRKBYMJ8IEdGPqu49YWXD02GCknEDkw==",
+      "version": "19.2.0",
+      "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz",
+      "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==",
       "license": "MIT",
       "dependencies": {
-        "scheduler": "^0.26.0"
+        "scheduler": "^0.27.0"
       },
       "peerDependencies": {
-        "react": "^19.1.1"
+        "react": "^19.2.0"
       }
     },
     "node_modules/react-refresh": {
@@ -2943,9 +2957,9 @@
       }
     },
     "node_modules/rollup": {
-      "version": "4.52.2",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.2.tgz",
-      "integrity": "sha512-I25/2QgoROE1vYV+NQ1En9T9UFB9Cmfm2CJ83zZOlaDpvz29wGQSZXWKw7MiNXau7wYgB/T9fVIdIuEQ+KbiiA==",
+      "version": "4.52.4",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.4.tgz",
+      "integrity": "sha512-CLEVl+MnPAiKh5pl4dEWSyMTpuflgNQiLGhMv8ezD5W/qP8AKvmYpCOKRRNOh7oRKnauBZ4SyeYkMS+1VSyKwQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2959,28 +2973,28 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.52.2",
-        "@rollup/rollup-android-arm64": "4.52.2",
-        "@rollup/rollup-darwin-arm64": "4.52.2",
-        "@rollup/rollup-darwin-x64": "4.52.2",
-        "@rollup/rollup-freebsd-arm64": "4.52.2",
-        "@rollup/rollup-freebsd-x64": "4.52.2",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.52.2",
-        "@rollup/rollup-linux-arm-musleabihf": "4.52.2",
-        "@rollup/rollup-linux-arm64-gnu": "4.52.2",
-        "@rollup/rollup-linux-arm64-musl": "4.52.2",
-        "@rollup/rollup-linux-loong64-gnu": "4.52.2",
-        "@rollup/rollup-linux-ppc64-gnu": "4.52.2",
-        "@rollup/rollup-linux-riscv64-gnu": "4.52.2",
-        "@rollup/rollup-linux-riscv64-musl": "4.52.2",
-        "@rollup/rollup-linux-s390x-gnu": "4.52.2",
-        "@rollup/rollup-linux-x64-gnu": "4.52.2",
-        "@rollup/rollup-linux-x64-musl": "4.52.2",
-        "@rollup/rollup-openharmony-arm64": "4.52.2",
-        "@rollup/rollup-win32-arm64-msvc": "4.52.2",
-        "@rollup/rollup-win32-ia32-msvc": "4.52.2",
-        "@rollup/rollup-win32-x64-gnu": "4.52.2",
-        "@rollup/rollup-win32-x64-msvc": "4.52.2",
+        "@rollup/rollup-android-arm-eabi": "4.52.4",
+        "@rollup/rollup-android-arm64": "4.52.4",
+        "@rollup/rollup-darwin-arm64": "4.52.4",
+        "@rollup/rollup-darwin-x64": "4.52.4",
+        "@rollup/rollup-freebsd-arm64": "4.52.4",
+        "@rollup/rollup-freebsd-x64": "4.52.4",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.52.4",
+        "@rollup/rollup-linux-arm-musleabihf": "4.52.4",
+        "@rollup/rollup-linux-arm64-gnu": "4.52.4",
+        "@rollup/rollup-linux-arm64-musl": "4.52.4",
+        "@rollup/rollup-linux-loong64-gnu": "4.52.4",
+        "@rollup/rollup-linux-ppc64-gnu": "4.52.4",
+        "@rollup/rollup-linux-riscv64-gnu": "4.52.4",
+        "@rollup/rollup-linux-riscv64-musl": "4.52.4",
+        "@rollup/rollup-linux-s390x-gnu": "4.52.4",
+        "@rollup/rollup-linux-x64-gnu": "4.52.4",
+        "@rollup/rollup-linux-x64-musl": "4.52.4",
+        "@rollup/rollup-openharmony-arm64": "4.52.4",
+        "@rollup/rollup-win32-arm64-msvc": "4.52.4",
+        "@rollup/rollup-win32-ia32-msvc": "4.52.4",
+        "@rollup/rollup-win32-x64-gnu": "4.52.4",
+        "@rollup/rollup-win32-x64-msvc": "4.52.4",
         "fsevents": "~2.3.2"
       }
     },
@@ -3009,9 +3023,9 @@
       }
     },
     "node_modules/scheduler": {
-      "version": "0.26.0",
-      "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.26.0.tgz",
-      "integrity": "sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA==",
+      "version": "0.27.0",
+      "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz",
+      "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==",
       "license": "MIT"
     },
     "node_modules/semver": {
@@ -3171,9 +3185,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.8.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz",
-      "integrity": "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==",
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
@@ -3185,16 +3199,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.44.1",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.44.1.tgz",
-      "integrity": "sha512-0ws8uWGrUVTjEeN2OM4K1pLKHK/4NiNP/vz6ns+LjT/6sqpaYzIVFajZb1fj/IDwpsrrHb3Jy0Qm5u9CPcKaeg==",
+      "version": "8.45.0",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.45.0.tgz",
+      "integrity": "sha512-qzDmZw/Z5beNLUrXfd0HIW6MzIaAV5WNDxmMs9/3ojGOpYavofgNAAD/nC6tGV2PczIi0iw8vot2eAe/sBn7zg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.44.1",
-        "@typescript-eslint/parser": "8.44.1",
-        "@typescript-eslint/typescript-estree": "8.44.1",
-        "@typescript-eslint/utils": "8.44.1"
+        "@typescript-eslint/eslint-plugin": "8.45.0",
+        "@typescript-eslint/parser": "8.45.0",
+        "@typescript-eslint/typescript-estree": "8.45.0",
+        "@typescript-eslint/utils": "8.45.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3208,6 +3222,13 @@
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
+    "node_modules/undici-types": {
+      "version": "7.14.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz",
+      "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/update-browserslist-db": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz",
@@ -3250,9 +3271,9 @@
       }
     },
     "node_modules/vite": {
-      "version": "7.1.7",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.7.tgz",
-      "integrity": "sha512-VbA8ScMvAISJNJVbRDTJdCwqQoAareR/wutevKanhR2/1EkoXVZVkkORaYm/tNVCjP/UDTKtcw3bAkwOUdedmA==",
+      "version": "7.1.9",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.9.tgz",
+      "integrity": "sha512-4nVGliEpxmhCL8DslSAUdxlB6+SMrhB0a1v5ijlh1xB1nEPuy1mxaHxysVucLHuWryAxLWg6a5ei+U4TLn/rFg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {

7project/frontend/package.json

@@ -15,15 +15,16 @@
   },
   "devDependencies": {
     "@eslint/js": "^9.36.0",
-    "@types/react": "^19.1.13",
+    "@types/node": "^24.6.0",
+    "@types/react": "^19.1.16",
     "@types/react-dom": "^19.1.9",
-    "@vitejs/plugin-react": "^5.0.3",
+    "@vitejs/plugin-react": "^5.0.4",
     "eslint": "^9.36.0",
     "eslint-plugin-react-hooks": "^5.2.0",
-    "eslint-plugin-react-refresh": "^0.4.20",
+    "eslint-plugin-react-refresh": "^0.4.22",
     "globals": "^16.4.0",
-    "typescript": "~5.8.3",
-    "typescript-eslint": "^8.44.0",
+    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.45.0",
     "vite": "^7.1.7"
   }
 }

7project/frontend/src/App.tsx

@@ -2,6 +2,7 @@ import { useState } from 'react'
 import reactLogo from './assets/react.svg'
 import viteLogo from '/vite.svg'
 import './App.css'
+import { BACKEND_URL } from './config'
 
 function App() {
   const [count, setCount] = useState(0)
@@ -24,6 +25,9 @@ function App() {
         <p>
           Edit <code>src/App.tsx</code> and save to test HMR
         </p>
+        <p style={{ fontSize: 12, color: '#888' }}>
+          Backend URL: <code>{BACKEND_URL || '(not configured)'}</code>
+        </p>
       </div>
       <p className="read-the-docs">
         Click on the Vite and React logos to learn more

7project/frontend/src/config.ts

@@ -0,0 +1,2 @@
+export const BACKEND_URL: string =
+  import.meta.env.VITE_BACKEND_URL ?? '';

7project/frontend/tsconfig.node.json

@@ -4,7 +4,7 @@
     "target": "ES2023",
     "lib": ["ES2023"],
     "module": "ESNext",
-    "types": [],
+    "types": ["node"],
     "skipLibCheck": true,
 
     /* Bundler mode */

7project/meetings/2025-10-16-meeting.md

@@ -0,0 +1,53 @@
+# Weekly Meeting Notes
+
+- Group 8 - Personal finance tracker
+- Mentor: Jaychander
+
+Keep all meeting notes in the `meetings.md` file in your project folder.
+Just copy the template below for each weekly meeting and fill in the details.
+
+## Administrative Info
+
+- Date: 2025-10-08
+- Attendees: Dejan Ribarovski, Lukas Trkan
+- Notetaker: Dejan Ribarovski
+
+## Progress Update (Before Meeting)
+
+Summary of what has been accomplished since the last meeting in the following categories.
+
+## Action Items from Last Week (During Meeting)
+
+- [x] start coding the app logic
+- [x] start writing the report so it matches the actual progress
+- [x] redo the system diagram so it includes a response flow
+
+### Coding
+Implemented initial functioning version of the app, added OAuth with BankId and MojeID,
+added database snapshots.
+
+### Documentation
+report.md is up to date
+
+## Questions and Topics for Discussion (Before Meeting)
+
+Prepare 3-5 questions and topics you want to discuss with your mentor.
+
+1. What other functionality should be added to the app
+2. Priority for the next week (Testing maybe?)
+3. Question 3
+
+## Discussion Notes (During Meeting)
+
+## Action Items for Next Week (During Meeting)
+
+Last 3 minutes of the meeting, summarize action items.
+
+- [ ] OAuth
+- [ ] CI/CD fix
+- [ ] Database local (multiple bank accounts)
+- [ ] Add tests and set up github pipeline
+- [ ] Frontend imporvment - user experience
+- [ ] make the report more clear
+
+---

7project/meetings/2025-10-9-meeting.md

@@ -0,0 +1,54 @@
+# Weekly Meeting Notes
+
+- Group 8 - Personal finance tracker
+- Mentor: Jaychander
+
+Keep all meeting notes in the `meetings.md` file in your project folder.
+Just copy the template below for each weekly meeting and fill in the details.
+
+## Administrative Info
+
+- Date: 2025-10-08
+- Attendees: Dejan Ribarovski, Lukas Trkan
+- Notetaker: Dejan Ribarovski
+
+## Progress Update (Before Meeting)
+
+Summary of what has been accomplished since the last meeting in the following categories.
+
+### Coding
+
+Lukas has implemented the template source directories, source files and config files necessary for deployment 
+- docker compose for database, redis cache and rabbit MQ
+- tofu
+- backend template
+- frontend template
+- charts templates
+
+### Documentation
+- Created GitHub issues for the next steps 
+- Added this document + checklist and report
+
+## Questions and Topics for Discussion (Before Meeting)
+
+Prepare 3-5 questions and topics you want to discuss with your mentor.
+
+1. Anything we should add structure-wise?
+2. Anything you would like us to prioritize until next week?
+
+## Discussion Notes (During Meeting)
+
+- start working on the report
+- start coding the actual code
+- write problems solved
+- redo the system diagram - see the response as well
+- create a meetings folder wih seperate meetings files
+## Action Items for Next Week (During Meeting)
+
+Last 3 minutes of the meeting, summarize action items.
+
+- [ ] start coding the app logic
+- [ ] start writing the report so it matches the actual progress
+- [ ] redo the system diagram so it includes a response flow
+
+---

7project/meetings/meeting-template.md

@@ -0,0 +1,41 @@
+# Weekly Meeting Notes
+
+- Group X - Project Title
+- Mentor: Mentor Name
+
+Keep all meeting notes in the `meetings.md` file in your project folder.
+Just copy the template below for each weekly meeting and fill in the details.
+
+## Administrative Info
+
+- Date: 2025-09-19
+- Attendees: Name1, Name2, Name3
+- Notetaker: Name1
+
+## Progress Update (Before Meeting)
+
+Summary of what has been accomplished since the last meeting in the following categories.
+
+### Coding
+
+### Documentation
+
+## Questions and Topics for Discussion (Before Meeting)
+
+Prepare 3-5 questions and topics you want to discuss with your mentor.
+
+1. Question 1
+2. Question 2
+3. Question 3
+
+## Discussion Notes (During Meeting)
+
+## Action Items for Next Week (During Meeting)
+
+Last 3 minutes of the meeting, summarize action items.
+
+- [ ] Action Item 1
+- [ ] Action Item 2
+- [ ] Action Item 3
+
+---

7project/report.md

@@ -0,0 +1,394 @@
+# Personal finance tracker
+
+> **Instructions**:
+> This template provides the structure for your project report.
+> Replace the placeholder text with your actual content.
+> Remove instructions that are not relevant for your project, but leave the headings along with a (NA) label.
+
+## Project Overview
+
+**Project Name**: Personal Finance Tracker
+
+**Group Members**:
+
+- 289229, Lukáš Trkan, lukastrkan
+- 289258, Dejan Ribarovski, derib2613, ribardej
+
+**Brief Description**:
+Our application is a finance tracker, so a person can easily track his cash flow
+through multiple bank accounts. Person can label transactions with custom categories
+and later filter by them.
+
+## Architecture Overview
+Our system is a full‑stack web application composed of a React frontend, a FastAPI backend, a PostgreSQL database, and asynchronous background workers powered by Celery with RabbitMQ. Redis is available for caching/kv and may be used by Celery as a result backend. The backend exposes REST endpoints for authentication (email/password and OAuth), users, categories, and transactions. A thin controller layer (FastAPI routers) lives under app/api. Infrastructure for Kubernetes is provided via OpenTofu (Terraform‑compatible) modules and the application is packaged via a Helm chart.
+
+### High-Level Architecture
+
+```mermaid
+flowchart LR
+    proc_queue[Message Queue] --> proc_queue_worker[Worker Service]
+    proc_queue_worker --> ext_mail[(Email Service)]
+    proc_cron[Task planner] --> proc_queue
+    proc_queue_worker --> ext_bank[(Bank API)]
+    proc_queue_worker --> db
+    client[Client/Frontend] <--> svc[Backend API]
+    svc --> proc_queue
+    svc <--> db[(Database)]
+    svc <--> cache[(Cache)]
+```
+
+### Components
+
+- Frontend (frontend/): React + TypeScript app built with Vite. Talks to the backend via REST, handles login/registration, shows latest transactions, filtering, and allows adding transactions.
+- Backend API (backend/app): FastAPI app with routers under app/api for auth, categories, and transactions. Uses FastAPI Users for auth (JWT + OAuth), SQLAlchemy ORM, and Pydantic v2 schemas.
+- Worker service (backend/app/workers): Celery worker handling asynchronous tasks (e.g., sending verification emails, future background processing).
+- Database (PostgreSQL): Persists users, categories, transactions; schema managed by Alembic migrations.
+- Message Queue (RabbitMQ): Transports background jobs from the API to the worker.
+- Cache/Result Store (Redis): Available for caching or Celery result backend.
+- Infrastructure as Code (tofu/): OpenTofu modules provisioning cluster services (RabbitMQ, Redis, Argo CD, cert-manager, Cloudflare tunnel, etc.).
+- Deployment Chart (charts/myapp-chart/): Helm chart to deploy the application to Kubernetes.
+
+### Technologies Used
+
+- Backend: Python, FastAPI, FastAPI Users, SQLAlchemy, Pydantic, Alembic, Celery
+- Frontend: React, TypeScript, Vite
+- Database: PostgreSQL
+- Messaging: RabbitMQ 
+- Cache: Redis
+- Containerization/Orchestration: Docker, Docker Compose (dev), Kubernetes, Helm
+- IaC/Platform: OpenTofu (Terraform), Argo CD, cert-manager, MetalLB, Cloudflare Tunnel, Prometheus
+
+## Prerequisites
+
+### System Requirements
+
+- Operating System: Linux, macOS, or Windows
+- Minimum RAM: 4 GB (8 GB recommended for running backend, frontend, and database together)
+- Storage: 2 GB free (Docker images may require additional space)
+
+### Required Software
+
+- Docker Desktop or Docker Engine 24+
+- Docker Compose v2+
+- Node.js 20+ and npm 10+ (for local frontend dev/build)
+- Python 3.12+ (for local backend dev outside Docker)
+- PostgreSQL 15+ (optional if running DB outside Docker)
+- Helm 3.12+ and kubectl 1.29+ (for Kubernetes deployment)
+- OpenTofu 1.7+ (for infrastructure provisioning)
+
+### Environment Variables (common)
+
+- Backend: SECRET, FRONTEND_URL, BACKEND_URL, DATABASE_URL, RABBITMQ_URL, REDIS_URL 
+- OAuth vars (Backend): MOJEID_CLIENT_ID/SECRET, BANKID_CLIENT_ID/SECRET (optional)
+- Frontend: VITE_BACKEND_URL
+
+### Dependencies (key libraries)
+I am not sure what is meant by "key libraries"
+
+Backend: FastAPI, fastapi-users, SQLAlchemy, pydantic v2, Alembic, Celery  
+Frontend: React, TypeScript, Vite  
+Services: PostgreSQL, RabbitMQ, Redis
+
+## Build Instructions
+
+You can run the project with Docker Compose (recommended for local development) or run services manually.
+
+### 1) Clone the Repository
+
+```bash
+git clone https://github.com/dat515-2025/Group-8.git
+cd 7project
+```
+
+### 2) Install dependencies
+Backend
+```bash
+# In 7project/backend
+python3.12 -m venv .venv
+source .venv/bin/activate  # Windows: .venv\Scripts\activate
+pip install -r requirements.txt
+```
+Frontend
+```bash
+# In 7project/frontend
+npm install
+```
+
+### 3) Manual Local Run
+
+Backend
+```bash
+# From the 7project/ directory
+docker compose up --build
+# This starts: PostgreSQL, RabbitMQ/Redis (if defined)
+
+# Set environment variables (or create .env file)
+export SECRET=CHANGE_ME_SECRET
+export BACKEND_URL=http://127.0.0.1:8000
+export FRONTEND_URL=http://localhost:5173
+export DATABASE_URL=postgresql+asyncpg://user:password@127.0.0.1:5432/app
+export RABBITMQ_URL=amqp://guest:guest@127.0.0.1:5672/
+export REDIS_URL=redis://127.0.0.1:6379/0
+
+# Apply DB migrations (Alembic)
+# From 7project/backend
+alembic upgrade head
+
+# Run API
+uvicorn app.app:fastApi --reload --host 0.0.0.0 --port 8000
+
+# Run Celery worker (optional, for emails/background tasks)
+celery -A app.celery_app.celery_app worker -l info
+```
+
+Frontend
+```bash
+# Configure backend URL for dev
+echo 'VITE_BACKEND_URL=http://127.0.0.1:8000' > .env
+npm run dev
+# Open http://localhost:5173
+```
+
+- Backend default: http://127.0.0.1:8000 (OpenAPI at /docs)
+- Frontend default: http://localhost:5173
+
+If needed, adjust compose services/ports in compose.yml.
+
+
+## Deployment Instructions
+
+### Local (Docker Compose)
+
+Described in the previous section (Manual Local Run)
+
+### Kubernetes (via OpenTofu + Helm)
+
+1) Provision platform services (RabbitMQ/Redis/ingress/tunnel/etc.) with OpenTofu
+```bash
+cd tofu
+# copy and edit variables
+cp terraform.tfvars.example terraform.tfvars
+# authenticate to your cluster/cloud as needed, then:
+tofu init
+tofu plan
+tofu apply
+```
+
+2) Deploy the app using Helm
+```bash
+# Set the namespace
+kubectl create namespace myapp || true
+
+# Install/upgrade the chart with required values
+helm upgrade --install myapp charts/myapp-chart \
+  -n myapp \
+  -f charts/myapp-chart/values.yaml \
+  --set image.backend.repository=myorg/myapp-backend \
+  --set image.backend.tag=latest \
+  --set env.BACKEND_URL="https://myapp.example.com" \
+  --set env.FRONTEND_URL="https://myapp.example.com" \
+  --set env.SECRET="CHANGE_ME_SECRET"
+```
+Adjust values to your registry and domain. The chart’s NOTES.txt includes additional examples.
+
+3) Expose and access
+- If using Cloudflare Tunnel or an ingress, configure DNS accordingly (see tofu/modules/cloudflare and deployment/tunnel.yaml).
+- For quick testing without ingress:
+```bash
+kubectl -n myapp port-forward deploy/myapp-backend 8000:8000
+kubectl -n myapp port-forward deploy/myapp-frontend 5173:80
+```
+
+### Verification
+
+```bash
+# Check pods
+kubectl -n myapp get pods
+
+# Backend health
+curl -i http://127.0.0.1:8000/
+# OpenAPI
+open http://127.0.0.1:8000/docs
+
+# Frontend (if port-forwarded)
+open http://localhost:5173
+```
+
+## Testing Instructions
+
+### Unit Tests
+
+```bash
+# Commands to run unit tests
+# For example:
+# go test ./...
+# npm test
+```
+
+### Integration Tests
+
+```bash
+# Commands to run integration tests
+# Any setup required for integration tests
+```
+
+### End-to-End Tests
+
+```bash
+# Commands to run e2e tests
+# How to set up test environment
+```
+
+## Usage Examples
+
+All endpoints are documented at OpenAPI: http://127.0.0.1:8000/docs
+
+### Auth: Register and Login (JWT)
+
+```bash
+# Register
+curl -X POST http://127.0.0.1:8000/auth/register \
+  -H 'Content-Type: application/json' \
+  -d '{
+    "email": "user@example.com",
+    "password": "StrongPassw0rd",
+    "first_name": "Jane",
+    "last_name": "Doe"
+  }'
+
+# Login (JWT)
+TOKEN=$(curl -s -X POST http://127.0.0.1:8000/auth/jwt/login \
+  -H 'Content-Type: application/x-www-form-urlencoded' \
+  -d 'username=user@example.com&password=StrongPassw0rd' | jq -r .access_token)
+
+echo $TOKEN
+
+# Call a protected route
+curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
+```
+
+### Frontend
+
+- Start with: npm run dev in 7project/frontend
+- Ensure VITE_BACKEND_URL is set to the backend URL (e.g., http://127.0.0.1:8000)
+- Open http://localhost:5173
+- Login, view latest transactions, filter, and add new transactions from the UI.
+
+---
+
+## Presentation Video
+
+**YouTube Link**: [Insert your YouTube link here]
+
+**Duration**: [X minutes Y seconds]
+
+**Video Includes**:
+
+- [ ] Project overview and architecture
+- [ ] Live demonstration of key features
+- [ ] Code walkthrough
+- [ ] Build and deployment showcase
+
+## Troubleshooting
+
+### Common Issues
+
+#### Issue 1: [Common problem]
+
+**Symptoms**: [What the user sees]
+**Solution**: [Step-by-step fix]
+
+#### Issue 2: [Another common problem]
+
+**Symptoms**: [What the user sees]
+**Solution**: [Step-by-step fix]
+
+### Debug Commands
+
+```bash
+# Useful commands for debugging
+# Log viewing commands
+# Service status checks
+```
+
+---
+
+## Self-Assessment Table
+
+> Be honest and detailed in your assessments.
+> This information is used for individual grading.
+> Link to the specific commit on GitHub for each contribution.
+
+| Task/Component                                                        | Assigned To | Status        | Time Spent     | Difficulty | Notes       |
+|-----------------------------------------------------------------------|-------------| ------------- |----------------|------------| ----------- |
+| [Project Setup & Repository](https://github.com/dat515-2025/Group-8#) | Lukas       | ✅ Complete    | [X hours]      | Medium     | [Any notes] |
+| [Design Document](https://github.com/dat515-2025/Group-8/blob/main/6design/design.md)          | Both        | ✅ Complete    | 2 Hours        | Easy       | [Any notes] |
+| [Backend API Development](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/api)  | Dejan       | ✅ Complete    | 10 hours       | Medium     | [Any notes] |
+| [Database Setup & Models](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/models)  | Lukas       | ✅ Complete    | [X hours]      | Medium     | [Any notes] |
+| [Frontend Development](https://github.com/dat515-2025/Group-8/tree/main/7project/frontend)     | Dejan       | 🔄 In Progress | 7 hours so far | Medium     | [Any notes] |
+| [Docker Configuration](https://github.com/dat515-2025/Group-8/blob/main/7project/compose.yml)     | Lukas       | ✅ Complete    | [X hours]      | Easy       | [Any notes] |
+| [Cloud Deployment](https://github.com/dat515-2025/Group-8/blob/main/7project/deployment/app-demo-deployment.yaml)         | Lukas       | ✅ Complete    | [X hours]      | Hard       | [Any notes] |
+| [Testing Implementation](https://github.com/dat515-2025/group-name)   | Dejan       | ❌ Not Started     | [X hours]      | Medium     | [Any notes] |
+| [Documentation](https://github.com/dat515-2025/group-name)            | Both        | ❌ Not Started   | [X hours]      | Easy       | [Any notes] |
+| [Presentation Video](https://github.com/dat515-2025/group-name)       | Both        | ❌ Not Started     | [X hours]      | Medium     | [Any notes] |
+
+**Legend**: ✅ Complete | 🔄 In Progress | ⏳ Pending | ❌ Not Started
+
+## Hour Sheet
+
+> Link to the specific commit on GitHub for each contribution.
+
+### [Team Member 1 Name]
+
+| Date      | Activity            | Hours      | Description                         |
+| --------- | ------------------- | ---------- | ----------------------------------- |
+| [Date]    | Initial Setup       | [X.X]      | Repository setup, project structure |
+| [Date]    | Backend Development | [X.X]      | Implemented user authentication     |
+| [Date]    | Testing             | [X.X]      | Unit tests for API endpoints        |
+| [Date]    | Documentation       | [X.X]      | Updated README and design doc       |
+| **Total** |                     | **[XX.X]** |                                     |
+
+### Dejan
+
+| Date        | Activity             | Hours  | Description                    |
+|-------------|----------------------|--------|--------------------------------|
+| 25.9.       | Design               | 1.5    | 6design                        |
+| 9-11.10.    | Backend APIs         | 10     | Implemented Backend APIs       |
+| 13-15.10.   | Frontend Development | 6.5    | Created user interface mockups |
+| Continually | Documantation        | 3      | Documenting the dev process    |
+| **Total**   |                      | **21** |                                |
+
+
+### Group Total: [XXX.X] hours
+
+---
+
+## Final Reflection
+
+### What We Learned
+
+[Reflect on the key technical and collaboration skills learned during this project]
+
+### Challenges Faced
+
+[Describe the main challenges and how you overcame them]
+
+### If We Did This Again
+
+[What would you do differently? What worked well that you'd keep?]
+
+### Individual Growth
+
+#### [Team Member 1 Name]
+
+[Personal reflection on growth, challenges, and learning]
+
+#### [Team Member 2 Name]
+
+[Personal reflection on growth, challenges, and learning]
+
+
+---
+
+**Report Completion Date**: [Date]
+**Last Updated**: 15.10.2025

7project/tofu/main.tf

@@ -42,22 +42,27 @@ provider "helm" {
 }
 
 module "storage" {
-  source = "${path.module}/modules/storage"
+  source = "./modules/storage"
+}
+
+module "metrics_server" {
+  source     = "./modules/metrics-server"#
 }
 
 module "loadbalancer" {
-  source     = "${path.module}/modules/metallb"
+  source     = "./modules/metallb"
   depends_on = [module.storage]
 
   metallb_ip_range = var.metallb_ip_range
 }
 
 module "cert-manager" {
-  source = "${path.module}/modules/cert-manager"
+  source     = "./modules/cert-manager"
+  depends_on = [module.loadbalancer]
 }
 
 module "cloudflare" {
-  source     = "${path.module}/modules/cloudflare"
+  source     = "./modules/cloudflare"
   depends_on = [module.cert-manager]
 
   cloudflare_api_token   = var.cloudflare_api_token
@@ -67,10 +72,16 @@ module "cloudflare" {
   cloudflare_account_id  = var.cloudflare_account_id
 }
 
+module "monitoring" {
+  source                 = "./modules/prometheus"
+  depends_on             = [module.cloudflare]
+  cloudflare_domain = var.cloudflare_domain
+}
+
 
 module "database" {
-  source     = "${path.module}/modules/maxscale"
-  depends_on = [module.storage, module.loadbalancer, module.cloudflare]
+  source     = "./modules/maxscale"
+  depends_on = [module.monitoring]
 
   mariadb_password      = var.mariadb_password
   mariadb_root_password = var.mariadb_root_password
@@ -85,25 +96,32 @@ module "database" {
 
   phpmyadmin_enabled = var.phpmyadmin_enabled
   cloudflare_domain  = var.cloudflare_domain
+
+  s3_enabled = var.s3_enabled
+  s3_bucket = var.s3_bucket
+  s3_region = var.s3_region
+  s3_endpoint = var.s3_endpoint
+  s3_key_id = var.s3_key_id
+  s3_key_secret = var.s3_key_secret
 }
 
-module "argocd" {
-  source     = "${path.module}/modules/argocd"
-  depends_on = [module.storage, module.loadbalancer, module.cloudflare]
+#module "argocd" {
+#  source     = "${path.module}/modules/argocd"
+#  depends_on = [module.storage, module.loadbalancer, module.cloudflare]
 
-  argocd_admin_password = var.argocd_admin_password
-  cloudflare_domain     = var.cloudflare_domain
-}
+#  argocd_admin_password = var.argocd_admin_password
+#  cloudflare_domain     = var.cloudflare_domain
+#}
 
-module "redis" {
-  source                 = "${path.module}/modules/redis"
-  depends_on             = [module.storage]
-  cloudflare_base_domain = var.cloudflare_domain
-}
+#module "redis" {
+#  source                 = "${path.module}/modules/redis"
+#  depends_on             = [module.storage]
+#  cloudflare_base_domain = var.cloudflare_domain
+#}
 
 module "rabbitmq" {
-  source            = "${path.module}/modules/rabbitmq"
-  depends_on        = [module.storage]
+  source            = "./modules/rabbitmq"
+  depends_on        = [module.database]
   base_domain       = var.cloudflare_domain
   rabbitmq-password = var.rabbitmq-password
 }