4 files changed, 324 insertions, 0 deletions
diff --git a/src/controller/auth.ts b/src/controller/auth.ts
new file mode 100644
index 0000000..13196fb
--- /dev/null
+++ b/src/controller/auth.ts
@@ -0,0 +1,117 @@
+/* Financer - Pocket Money Tracker
+ * Copyright (C) 2025  Vidhu Kant Sharma <vidhukant@vidhukant.com>
+
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { Request, Response } from "express";
+import bcrypt from "bcrypt";
+
+import { create, readByEmail, readById } from "../service/user";
+import { getAccessToken, getRefreshToken, verifyRefreshToken } from "../util/auth";
+
+const signup = async (req: Request, res: Response) => {
+    bcrypt.hash(req.body.password, 10, async (err, hash) => {
+        try {
+            if (err != undefined) {
+                res.status(500).json({ error: "Internal Server Error" });
+                console.error(err);
+            }
+
+            const user = await create({
+                ...req.body,
+                "password": hash,
+            });
+
+            // @ts-ignore
+            delete user["password"];
+            // @ts-ignore
+            delete user["refreshTokenVersion"]
+
+            res.status(201).json({
+                user: user,
+                accessToken: getAccessToken(user.id),
+                refreshToken: getRefreshToken(user.id, user.refreshTokenVersion)
+            });
+        } catch (error) {
+            res.status(500).json({ error: "Internal Server Error" });
+            console.error(error);
+        }
+    });
+}
+
+const login = async (req: Request, res: Response) => {
+    try {
+        const user = await readByEmail(req.body.email);
+
+        bcrypt.compare(req.body.password, user.password, (err, isMatch) => {
+            if (err != undefined) {
+                res.status(500).json({ error: "Internal Server Error" });
+                console.error(err);
+            }
+
+            if (isMatch) {
+                // @ts-ignore
+                delete user["password"];
+                // @ts-ignore
+                delete user["refreshTokenVersion"]
+
+                res.status(200).json({
+                    user: user,
+                    accessToken: getAccessToken(user.id),
+                    refreshToken: getRefreshToken(user.id, user.refreshTokenVersion)
+                });
+            } else {
+                res.status(400).json({ error: "Invalid Credentials" });
+            }
+        })
+    } catch (error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+const refresh = async (req: Request, res: Response) => {
+    try {
+        const claims = verifyRefreshToken(req.body.refreshToken);
+        const user = await readById(claims.userId);
+
+        if (!user) {
+            res.status(404).json({ error: "Not Found" })
+        } else {
+            // @ts-ignore
+            if (claims.version == user.refreshTokenVersion) {
+                // @ts-ignore
+                res.status(200).json({ accessToken: getAccessToken(user.id), refreshToken: getRefreshToken(user.id, user.refreshTokenVersion) });
+            } else {
+                res.status(401).json({ error: "Session Expired" })
+            }
+        }
+    } catch (error) {
+        // @ts-ignore
+        switch (error.message) {
+            case "invalid signature":
+                res.status(401).json({ error: "Invalid Credentials" });
+                break;
+            case "jwt expired":
+                res.status(401).json({ error: "Token Expired" });
+                break;
+            default:
+                res.status(500).json({ error: "Internal Server Error" });
+                console.error(error);
+        }
+    }
+}
+
+export { login, signup, refresh };
+\ No newline at end of file
diff --git a/src/controller/friend.ts b/src/controller/friend.ts
new file mode 100644
index 0000000..e98f1e6
--- /dev/null
+++ b/src/controller/friend.ts
@@ -0,0 +1,110 @@
+/* Financer - Pocket Money Tracker
+ * Copyright (C) 2025  Vidhu Kant Sharma <vidhukant@vidhukant.com>
+
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { Request, Response } from "express";
+import { getFriendToken } from "../util/auth";
+import { friend, unfriend, list } from "../service/friend";
+import jwt from "jsonwebtoken";
+
+const friendRequest = async (req: Request, res: Response) => {
+    try {
+        // @ts-ignore
+        res.status(200).json({ token: getFriendToken(req.userId) })
+    } catch (error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+const addFriend = async (req: Request, res: Response) => {
+    try {
+        // @ts-ignore
+        jwt.verify(req.body.token as string, process.env.FRIEND_TOKEN_SECRET, async (err, claims) => {
+            if (err) {
+                // @ts-ignore
+                switch (err.message) {
+                    case "jwt expired":
+                        res.status(401).json({ error: "Request Expired" });
+                        break;
+                    case "invalid signature":
+                        res.status(401).json({ error: "Request Invalid" });
+                        break;
+                    default:
+                        res.status(500).json({ error: "Internal Server Error" });
+                        console.error(err)
+                        break;
+                }
+            } else {
+                // @ts-ignore
+                if (claims.userId == req.userId) {
+                    res.status(400).json({ message: "Attempted to become friends with self" });
+                } else {
+                    try {
+                        // @ts-ignore
+                        const _ = await friend(claims.userId, req.userId);
+                        res.status(200).json({ message: "success" });
+                    } catch (error) {
+                        // @ts-ignore
+                        if (error.code == "P2002") {
+                            res.status(409).json({ error: "Already friends" });
+                        } else {
+                            console.error(error);
+                            res.status(500).json({ error: "Internal Server Error" });
+                        }
+                    }
+                }
+            }
+        });
+    } catch(error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+const removeFriend = async (req: Request, res: Response) => {
+    try {
+        // @ts-ignore
+        const { count } = await unfriend(req.userId, req.body.friendId)
+        if (count > 0) {
+            res.status(200).json({ message: "success" });
+        } else {
+            res.status(404).json({ error: "Friend not found" });
+        }
+    } catch(error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+const listFriends = async (req: Request, res: Response) => {
+    try {
+        // @ts-ignore
+        const friends = await list(req.userId)
+        // @ts-ignore
+        res.status(200).json({ friends: friends });
+    } catch(error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+export {
+    friendRequest,
+    addFriend,
+    removeFriend,
+    listFriends
+}
diff --git a/src/controller/transaction.ts b/src/controller/transaction.ts
new file mode 100644
index 0000000..b5fcf99
--- /dev/null
+++ b/src/controller/transaction.ts
@@ -0,0 +1,57 @@
+/* Financer - Pocket Money Tracker
+ * Copyright (C) 2025  Vidhu Kant Sharma <vidhukant@vidhukant.com>
+
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { Request, Response } from "express";
+import { create, read } from "../service/transaction";
+
+const addNew = async (req: Request, res: Response) => {
+    try {
+        // @ts-ignore
+        const transaction = await create({ ...req.body, userId: req.userId });
+        res.status(201).json({ transaction })
+    } catch(error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+const get = async (req: Request, res: Response) => {
+    try {
+        // @ts-ignore
+        const transactions = await read(req.userId, req.body.type);
+        res.status(transactions.length > 0 ? 200 : 204).json({ transactions })
+    } catch(error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+const remove = async (req: Request, res: Response) => {
+    try {
+        // TODO: check ownership before deletion
+        res.status(200).json({ "message": "work in progress" })
+    } catch(error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+export {
+    addNew,
+    get,
+    remove
+}
diff --git a/src/controller/user.ts b/src/controller/user.ts
new file mode 100644
index 0000000..7948c06
--- /dev/null
+++ b/src/controller/user.ts
@@ -0,0 +1,40 @@
+/* Financer - Pocket Money Tracker
+ * Copyright (C) 2025  Vidhu Kant Sharma <vidhukant@vidhukant.com>
+
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { Request, Response } from "express";
+import { readById } from "../service/user";
+
+const profile = async (req: Request, res: Response) => {
+    try {
+        // @ts-ignore
+        const user = await readById(req.userId);
+
+        // @ts-ignore
+        delete user["password"]
+        // @ts-ignore
+        delete user["refreshTokenVersion"]
+
+        res.status(200).json({ user: user })
+    } catch(error) {
+        res.status(500).json({ error: "Internal Server Error" });
+        console.error(error);
+    }
+}
+
+export {
+    profile,
+}
+\ No newline at end of file