finish alpha.1.1

Author: CaesarLi-WantToBeAFreeMan

backend/src/main/java/com/caesarjlee/caesarfinancialtracker/configurations/BotBlocker.java

@@ -0,0 +1,55 @@
+package com.caesarjlee.caesarfinancialtracker.configurations;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.*;
+import java.io.IOException;
+import java.util.*;
+
+/*
+ * block bots and unauthorized requests
+ * only allow:
+ *  1. allowed frontend origins (localhost and caesaris.net)
+ *  2. with a valid Bearer token
+ *  3. OPTIONS preflight requests
+ */
+@Component
+@Order(1)
+public class BotBlocker implements Filter {
+    @Value("${app.cors.allowed-origins}") private String allowedOriginsRaw;
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+        throws IOException, ServletException {
+        HttpServletRequest  httpServletRequest  = (HttpServletRequest)servletRequest;
+        HttpServletResponse httpServletResponse = (HttpServletResponse)servletResponse;
+
+        // allow CORS preflight
+        if("OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod())) {
+            filterChain.doFilter(httpServletRequest, httpServletResponse);
+            return;
+        }
+
+        String       origin              = httpServletRequest.getHeader("Origin");
+        String       authorizationHeader = httpServletRequest.getHeader("Authorization");
+
+        List<String> allowedOrigins =
+            Arrays.stream(allowedOriginsRaw.split(",")).map(String::trim).filter(str -> !str.isEmpty()).toList();
+
+        boolean hasValidOrigin        = origin != null && allowedOrigins.contains(origin);
+        boolean hasAuthoricationToken = authorizationHeader != null && authorizationHeader.startsWith("Bearer");
+
+        // block if neither an allowed origin nor a valid JWT token
+        if(!hasValidOrigin && !hasAuthoricationToken) {
+            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            httpServletResponse.setContentType("application/json");
+            httpServletResponse.getWriter().write("{\"error\": \"Access denied\"}");
+            return;
+        }
+
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+}

backend/src/main/java/com/caesarjlee/caesarfinancialtracker/repositories/RecordRepository.java

@@ -2,25 +2,25 @@
 
 import com.caesarjlee.caesarfinancialtracker.entities.RecordEntity;
 
-import java.math.BigDecimal;
-import java.time.LocalDate;
-import java.util.*;
-
 import org.springframework.data.domain.*;
 import org.springframework.data.jpa.repository.*;
 import org.springframework.data.repository.query.Param;
 
-public interface RecordRepository extends JpaRepository <RecordEntity, Long> {
+import java.math.BigDecimal;
+import java.time.LocalDate;
+import java.util.*;
+
+public interface RecordRepository extends JpaRepository<RecordEntity, Long> {
     /*
         SELECT * FROM cft_records
             WHERE id = ? AND profile_id = ?
     */
-    Optional <RecordEntity> findByIdAndProfileId(Long id, Long profileId);
+    Optional<RecordEntity> findByIdAndProfileId(Long id, Long profileId);
     /*
         SELECT * FROM cft_records
             WHERE profile_id = ?
     */
-    List <RecordEntity> findByProfileId(Long profileId);
+    List<RecordEntity>     findByProfileId(Long profileId);
     /*
         SELECT r.* FROM cft_records r
             JOIN cft_categories c ON c.id = r.category_id
@@ -35,8 +35,7 @@ public interface RecordRepository extends JpaRepository <RecordEntity, Long> {
             ORDER BY ? ASC/DESC
             LIMIT ? OFFSET ?
     */
-    @Query(
-        """
+    @Query("""
             SELECT r FROM RecordEntity r
                 WHERE r.profile.id = :profileId
                     AND (:keyword       IS NULL OR LOWER(r.name)    LIKE LOWER(CONCAT('%', :keyword, '%')))
@@ -46,16 +45,11 @@ public interface RecordRepository extends JpaRepository <RecordEntity, Long> {
                     AND (:dateEnd       IS NULL OR r.date           <= :dateEnd)
                     AND (:priceLow      IS NULL OR r.price          >= :priceLow)
                     AND (:priceHigh     IS NULL OR r.price          <= :priceHigh)
-        """
-    )
-    Page<RecordEntity> search(@Param("profileId") Long profileId,
-                              @Param("keyword") String keyword,
-                              @Param("type") String type,
-                              @Param("categoryId") Long categoryId,
-                              @Param("dateStart") LocalDate dateStart,
-                              @Param("dateEnd") LocalDate dateEnd,
-                              @Param("priceLow") BigDecimal priceLow,
-                              @Param("priceHigh") BigDecimal priceHigh,
+        """)
+    Page<RecordEntity> search(@Param("profileId") Long profileId, @Param("keyword") String keyword,
+                              @Param("type") String type, @Param("categoryId") Long categoryId,
+                              @Param("dateStart") LocalDate dateStart, @Param("dateEnd") LocalDate dateEnd,
+                              @Param("priceLow") BigDecimal priceLow, @Param("priceHigh") BigDecimal priceHigh,
                               Pageable pageable);
     /*
         SELECT r.* FROM cft_records r
@@ -69,27 +63,19 @@ Page<RecordEntity> search(@Param("profileId") Long profileId,
                 AND (? IS NULL OR r.category_id IN (?, ...))
                 AND (? IS NULL OR LOWER(r.name) LIKE LOWER(CONCAT('%', ?, '%')))
     */
-    @Query(
-        """
-            SELECT r FROM RecordEntity r
-            WHERE r.profile.id = :profileId
-                AND (:type      IS NULL OR r.category.type          =   :type)
-                AND (:dateStart IS NULL OR r.date                       >= :dateStart)
-                AND (:dateEnd   IS NULL OR r.date                       <= :dateEnd)
-                AND (:priceLow  IS NULL OR r.price                      >= :priceLow)
-                AND (:priceHigh IS NULL OR r.price                      <= :priceHigh)
-                AND (:#{#categories == null || #categories.isEmpty()}   = true
-                                        OR r.category.id                IN :categories)
-                AND (:keyword   IS NULL OR LOWER(r.name)                LIKE LOWER(CONCAT('%', :keyword, '%')))
-        """
-    )
-    List <RecordEntity> searchAll(@Param("profileId") Long profileId,
-                                  @Param("type") String type,
-                                  @Param("dateStart") LocalDate dateStart,
-                                  @Param("dateEnd") LocalDate dateEnd,
-                                  @Param("priceLow") BigDecimal priceLow,
-                                  @Param("priceHigh") BigDecimal priceHigh,
-                                  @Param("skipCategories") boolean skipCategories,
-                                  @Param("categories") List <Long> categories,
-                                  @Param("keyword") String keyword);
+    @Query("""
+        SELECT r FROM RecordEntity r
+        WHERE r.profile.id = :profileId
+            AND (:type IS NULL OR :type = 'all' OR LOWER(r.category.type) = LOWER(:type))
+            AND (:dateStart  IS NULL OR r.date      >= :dateStart)
+            AND (:dateEnd    IS NULL OR r.date      <= :dateEnd)
+            AND (:priceLow   IS NULL OR r.price     >= :priceLow)
+            AND (:priceHigh  IS NULL OR r.price     <= :priceHigh)
+            AND (:categories IS NULL OR r.category.id IN :categories)
+            AND (:keyword    IS NULL OR LOWER(r.name) LIKE LOWER(CONCAT('%', :keyword, '%')))
+    """)
+    List<RecordEntity> searchAll(@Param("profileId") Long profileId, @Param("type") String type,
+                                 @Param("dateStart") LocalDate dateStart, @Param("dateEnd") LocalDate dateEnd,
+                                 @Param("priceLow") BigDecimal priceLow, @Param("priceHigh") BigDecimal priceHigh,
+                                 @Param("categories") List<Long> categories, @Param("keyword") String keyword);
 }

backend/src/main/java/com/caesarjlee/caesarfinancialtracker/services/RecordService.java

@@ -1,12 +1,12 @@
 package com.caesarjlee.caesarfinancialtracker.services;
 
-import com.caesarjlee.caesarfinancialtracker.dtos.records.*;
 import com.caesarjlee.caesarfinancialtracker.dtos.imports.ImportResponse;
+import com.caesarjlee.caesarfinancialtracker.dtos.records.*;
 import com.caesarjlee.caesarfinancialtracker.entities.*;
 import com.caesarjlee.caesarfinancialtracker.enumerations.*;
 import com.caesarjlee.caesarfinancialtracker.exceptions.categories.CategoryNotFoundException;
-import com.caesarjlee.caesarfinancialtracker.exceptions.records.*;
 import com.caesarjlee.caesarfinancialtracker.exceptions.pages.PageSizeException;
+import com.caesarjlee.caesarfinancialtracker.exceptions.records.*;
 import com.caesarjlee.caesarfinancialtracker.repositories.*;
 import com.caesarjlee.caesarfinancialtracker.utilities.*;
 
@@ -18,7 +18,6 @@
 import java.time.LocalDate;
 import java.util.List;
 import java.util.stream.Collectors;
-
 import lombok.RequiredArgsConstructor;
 
 @Service
@@ -30,11 +29,11 @@ public class RecordService {
     private final ImportFiles        importFiles;
     private final ExportFiles        exportFiles;
 
-    //helpers
+    // helpers
     private RecordResponse           toResponse(RecordEntity entity) {
-        return new RecordResponse(entity.getId(), entity.getName(), entity.getType(), entity.getIcon(), entity.getDate(),
-                                    entity.getPrice(), entity.getDescription(), entity.getCreatedAt(),
-                                    entity.getUpdatedAt(), entity.getCategory().getId());
+        return new RecordResponse(entity.getId(), entity.getName(), entity.getType(), entity.getIcon(),
+                                  entity.getDate(), entity.getPrice(), entity.getDescription(), entity.getCreatedAt(),
+                                  entity.getUpdatedAt(), entity.getCategory().getId());
     }
 
     private RecordOrders validOrder(String order) {
@@ -52,12 +51,12 @@ private Pageable validPage(String order, int page, int size) {
     }
 
     private void validate(LocalDate start, LocalDate end, BigDecimal low, BigDecimal high) {
-        //dates
+        // dates
         if(end != null && end.isAfter(LocalDate.now()))
             throw new InvalidRecordDateException(end + " must be <= " + LocalDate.now());
         if(start != null && end != null && start.isAfter(end))
             throw new InvalidRecordDateException(start + " must be <= " + end);
-        //prices
+        // prices
         if(low != null && low.compareTo(BigDecimal.ZERO) < 0)
             throw new InvalidRecordPriceException(low + " must be >= 0");
         if(high != null && high.compareTo(BigDecimal.ZERO) < 0)
@@ -66,15 +65,15 @@ private void validate(LocalDate start, LocalDate end, BigDecimal low, BigDecimal
             throw new InvalidRecordPriceException(low + " must be <= " + high);
     }
 
-    private static String toKeyword(String keyword){
+    private static String toKeyword(String keyword) {
         return keyword == null || keyword.isBlank() ? null : "%" + keyword.toLowerCase() + "%";
     }
 
-    private static String toType(String type){
+    private static String toType(String type) {
         return type == null || type.isBlank() || "all".equalsIgnoreCase(type) ? null : type.toLowerCase();
     }
 
-    //crud
+    // crud
     public RecordResponse create(RecordRequest request) {
         Long           profileId = profileService.getCurrentProfile().getId();
         CategoryEntity category =
@@ -98,23 +97,26 @@ public Page<RecordResponse> read(String order, String type, String keyword, Long
                                      LocalDate dateEnd, BigDecimal priceLow, BigDecimal priceHigh, int page, int size) {
         validate(dateStart, dateEnd, priceLow, priceHigh);
         return recordRepository
-            .search(profileService.getCurrentProfile().getId(), toKeyword(keyword), toType(type), categoryId, dateStart, dateEnd, priceLow,
-                    priceHigh, validPage(order, page, size))
+            .search(profileService.getCurrentProfile().getId(), toKeyword(keyword), toType(type), categoryId, dateStart,
+                    dateEnd, priceLow, priceHigh, validPage(order, page, size))
             .map(this::toResponse);
     }
 
-    public List <RecordResponse> readAll(String type, LocalDate dateStart, LocalDate dateEnd, BigDecimal priceLow, BigDecimal priceHigh, List <Long> categories, String keyword){
+    public List<RecordResponse> readAll(String type, LocalDate dateStart, LocalDate dateEnd, BigDecimal priceLow,
+                                        BigDecimal priceHigh, List<Long> categories, String keyword) {
         validate(dateStart, dateEnd, priceLow, priceHigh);
-        boolean skipCategories = categories == null || categories.isEmpty();
-        return recordRepository.searchAll(profileService.getCurrentProfile().getId(), toType(type), dateStart, dateEnd, priceLow, priceHigh, skipCategories, skipCategories ? List.of(-1L) : categories, keyword)
+        List<Long> categoryFilter = (categories == null || categories.isEmpty()) ? null : categories;
+        return recordRepository
+            .searchAll(profileService.getCurrentProfile().getId(), toType(type), dateStart, dateEnd, priceLow,
+                       priceHigh, categoryFilter, keyword)
             .stream()
             .map(this::toResponse)
             .collect(Collectors.toList());
     }
 
     public RecordResponse update(Long id, RecordRequest request) {
         RecordEntity entity = recordRepository.findByIdAndProfileId(id, profileService.getCurrentProfile().getId())
-                                            .orElseThrow(() -> new RecordNotFoundException(request.name()));
+                                  .orElseThrow(() -> new RecordNotFoundException(request.name()));
         entity.setName(request.name());
         entity.setType(request.type() == null ? entity.getType() : request.type());
         entity.setIcon(request.icon() == null ? entity.getIcon() : request.icon());
@@ -125,13 +127,13 @@ public RecordResponse update(Long id, RecordRequest request) {
             request.categoryId() == null
                 ? entity.getCategory()
                 : categoryRepository.findById(request.categoryId())
-                                    .orElseThrow(() -> new CategoryNotFoundException(Long.toString(request.categoryId()))));
+                      .orElseThrow(() -> new CategoryNotFoundException(Long.toString(request.categoryId()))));
         return toResponse(recordRepository.save(entity));
     }
 
     public void delete(Long id) {
         recordRepository.delete(recordRepository.findByIdAndProfileId(id, profileService.getCurrentProfile().getId())
-                                                .orElseThrow(() -> new RecordNotFoundException(Long.toString(id))));
+                                    .orElseThrow(() -> new RecordNotFoundException(Long.toString(id))));
     }
 
     public ImportResponse importRecord(MultipartFile file) {

backend/src/main/java/com/caesarjlee/caesarfinancialtracker/utilities/JwtService.java

@@ -12,10 +12,10 @@
 
 @Service
 public class JwtService {
-    @Value("${jwt.secret}") private String SECRET;
-    private static final long              EXPIRATION = 1_000 * 60 * 60 * 24 * 3;   // 3 days
+    @Value("${jwt.secret}") private String            SECRET;
+    @Value("${jwt.expiration:86400000}") private long EXPIRATION;
 
-    private SecretKey                      getSigningKey() {
+    private SecretKey                                 getSigningKey() {
         return Keys.hmacShaKeyFor(SECRET.getBytes());
     }
 

backend/src/main/resources/application.yml

@@ -1,4 +1,6 @@
 spring:
+    # profiles:
+    #     active: local
     jackson:
         property-naming-strategy: SNAKE_CASE
     datasource:
@@ -25,3 +27,4 @@ app:
 
 jwt:
     secret: ${JWT_SECRET}
+    expiration: ${JWT_EXPIRATION:86400000} #24 hours

frontend/index.html

@@ -2,9 +2,36 @@
 <html lang="en">
     <head>
         <meta charset="UTF-8" />
+        <link rel="icon" type="image/png" href="src/assets/images/logo.png" />
         <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+
+        <!--SEO (Search Engine Optimization)-->
         <title>Caesar Financial Tracker</title>
-        <link rel="icon" href="src/assets/images/logo.png" type="image/png" />
+        <meta
+            name="description"
+            content="Caesar Financial Tracker - Take over your wallet - track your income and expenses with
+            ease."
+        />
+        <meta
+            name="keyword"
+            content="financial tracker, expense tracker, income tracker, budget, money manager, java, spring
+            boot, typescript, react"
+        />
+        <meta name="author" content="Caesar James LEE" />
+
+        <!--tell Google to index home, /login and /signup pages only-->
+        <meta name="robots" content="index, follow" />
+        <meta name="googlebot" content="index, follow" />
+
+        <!--open graph to get better Google search results-->
+        <meta property="og:type" content="website" />
+        <meta property="og:title" content="Caesar Financial Tracker" />
+        <meta property="og:description" content="Take over your wallet. Track your income and expenses with ease." />
+        <meta property="og:url" content="https://caesaris.net" />
+        <meta property="og:image" content="https://caesaris.net/src/assets/images/logo.png" />
+
+        <!--sitemap-->
+        <link rel="sitemap" type="application/xml" href="/sitemap.xml" />
     </head>
     <body>
         <div id="root"></div>