Arrelin/family_budget
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Arrelin:564adac6292a044593107de7b23b22d227f2fc8b
Branches Tags
Arrelin:master Arrelin:update-categories Arrelin:feature/change-categories Arrelin:bugfix/iro4ka Arrelin:feature/new-sort Arrelin:feature/new-deploy Arrelin:feature/history Arrelin:arrelin-patch-2 Arrelin:arrelin-patch-1 Arrelin:refactor/frontend-code-quality Arrelin:bugfix/revert
...
compare: Arrelin:514ced6e19d000f6793d531892ad1150a45e20c9
Branches Tags
Arrelin:master Arrelin:update-categories Arrelin:feature/change-categories Arrelin:bugfix/iro4ka Arrelin:feature/new-sort Arrelin:feature/new-deploy Arrelin:feature/history Arrelin:arrelin-patch-2 Arrelin:arrelin-patch-1 Arrelin:refactor/frontend-code-quality Arrelin:bugfix/revert

9 Commits
564adac629 ... 514ced6e19

Author SHA1 Message Date
arrelin
514ced6e19 fix
Some checks failed
Build and Publish Images / build-and-push (push) Has been cancelled
Details
2026-01-17 13:10:03 +03:00
arrelin
35e79de378 fix 2026-01-17 12:52:07 +03:00
arrelin
31bafb3c76 feat: replace back button with invite member functionality 2026-01-17 12:38:34 +03:00
arrelin
baccf0429b "fix: add family to authorized_families on create and OAuth login 2026-01-17 10:59:19 +03:00
arrelin
3e0e6ff456 oauth2 session fix 2026-01-17 10:47:09 +03:00
arrelin
48160331eb Merge remote-tracking branch 'origin/master' 2026-01-17 10:19:27 +03:00
arrelin
a4b06fb057 oauth2 2026-01-17 10:15:44 +03:00
Arrelin
a217beadec Merge pull request #3 from Arrelin/feature/ci-cd-update 
init
 2025-12-26 23:57:17 +03:00
arrelin
5fdb0c7ed7 init 2025-12-26 23:56:56 +03:00
30 changed files with 1986 additions and 356 deletions
Expand all files Collapse all files

4
.env
View File

@@ -7,3 +7,7 @@ DATABASE_URL=postgresql://bd_user:2123@localhost:5432/family_budget
APP_PORT=8080 APP_PORT=8080
RUST_LOG=info RUST_LOG=info
GOOGLE_CLIENT_ID=220924587308-nntk4hgu5rlknpgoq0m1qje8nhjnjmtf.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=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
GOOGLE_REDIRECT_URL=https://family-budget.duckdns.org/api/auth/google/callback

7
.env.example
View File

@@ -12,3 +12,10 @@ DOMAIN=yourdomain.com
EMAIL=your@email.com EMAIL=your@email.com
ALLOWED_ORIGINS=https://yourdomain.com ALLOWED_ORIGINS=https://yourdomain.com
GITHUB_USERNAME=your_github_username
GITHUB_TOKEN=your_github_personal_access_token
OWNER=your_github_username
REPO_USER=your_github_username
REPO_PASS=your_github_personal_access_token

3
backend/Cargo.toml
View File

@@ -22,3 +22,6 @@ argon2 = "0.5"
async-trait = "0.1" async-trait = "0.1"
thiserror = "2.0" thiserror = "2.0"
time = "0.3" time = "0.3"
oauth2 = { version = "5.0.0", features = ["reqwest"] }
reqwest = { version = "0.12.28", features = ["json"] }
rand = "0.8"

5
backend/src/auth.rs
View File

@@ -20,7 +20,7 @@ impl AuthUser for user::Model {
} }
fn session_auth_hash(&self) -> &[u8] { fn session_auth_hash(&self) -> &[u8] {
self.password_hash.as_bytes() self.password_hash.as_deref().unwrap_or("oauth").as_bytes()
} }
} }
@@ -56,7 +56,8 @@ impl AuthnBackend for AuthBackend {
.await?; .await?;
if let Some(user) = user { if let Some(user) = user {
let parsed_hash = PasswordHash::new(&user.password_hash) let password_hash = user.password_hash.as_ref().ok_or(Error::InvalidCredentials)?;
let parsed_hash = PasswordHash::new(password_hash)
.map_err(|_| Error::PasswordHash)?; .map_err(|_| Error::PasswordHash)?;
let is_valid = Argon2::default() let is_valid = Argon2::default()

49
backend/src/lib.rs
View File

@@ -7,7 +7,7 @@ use sea_orm_migration::prelude::*;
use std::net::SocketAddr; use std::net::SocketAddr;
use utoipa::OpenApi; use utoipa::OpenApi;
use utoipa_swagger_ui::SwaggerUi; use utoipa_swagger_ui::SwaggerUi;
use tower_sessions::{Expiry, SessionManagerLayer}; use tower_sessions::{Expiry, SessionManagerLayer, cookie::SameSite};
use tower_sessions_sqlx_store::PostgresStore; use tower_sessions_sqlx_store::PostgresStore;
use axum_login::AuthManagerLayerBuilder; use axum_login::AuthManagerLayerBuilder;
use time::Duration; use time::Duration;
@@ -29,7 +29,12 @@ pub use middleware::{require_admin, require_family_access};
paths( paths(
routes::auth::login, routes::auth::login,
routes::auth::logout, routes::auth::logout,
routes::auth::me,
routes::auth::family_login,
routes::oauth::google_auth,
routes::oauth::google_callback,
routes::family::create_family, routes::family::create_family,
routes::family::create_my_family,
routes::family::get_family, routes::family::get_family,
routes::family::get_all_families, routes::family::get_all_families,
routes::family::update_family, routes::family::update_family,
@@ -53,6 +58,11 @@ pub use middleware::{require_admin, require_family_access};
routes::shopping_item::mark_as_purchased, routes::shopping_item::mark_as_purchased,
routes::shopping_item::mark_all_as_purchased, routes::shopping_item::mark_all_as_purchased,
routes::shopping_item::clear_all, routes::shopping_item::clear_all,
routes::invite_link::create_invite_link,
routes::invite_link::get_my_invite_links,
routes::invite_link::delete_invite_link,
routes::invite_link::validate_invite_link,
routes::invite_link::join_family_via_invite,
), ),
components( components(
schemas( schemas(
@@ -62,7 +72,13 @@ pub use middleware::{require_admin, require_family_access};
models::shopping_item::Model, models::shopping_item::Model,
routes::auth::LoginRequest, routes::auth::LoginRequest,
routes::auth::LoginResponse, routes::auth::LoginResponse,
routes::auth::MeResponse,
routes::auth::FamilyLoginRequest,
routes::auth::FamilyLoginResponse,
routes::oauth::OAuthUrlResponse,
routes::family::CreateFamilyRequest, routes::family::CreateFamilyRequest,
routes::family::CreateMyFamilyRequest,
routes::family::CreateMyFamilyResponse,
routes::family::UpdateFamilyRequest, routes::family::UpdateFamilyRequest,
routes::category::CreateCategoryRequest, routes::category::CreateCategoryRequest,
routes::category::UpdateCategoryRequest, routes::category::UpdateCategoryRequest,
@@ -73,6 +89,11 @@ pub use middleware::{require_admin, require_family_access};
routes::shopping_item::UpdateShoppingItemRequest, routes::shopping_item::UpdateShoppingItemRequest,
routes::shopping_item::MarkAsPurchasedRequest, routes::shopping_item::MarkAsPurchasedRequest,
routes::shopping_item::BulkOperationResponse, routes::shopping_item::BulkOperationResponse,
models::invite_link::Model,
routes::invite_link::CreateInviteLinkRequest,
routes::invite_link::InviteLinkResponse,
routes::invite_link::ValidateInviteResponse,
routes::invite_link::JoinFamilyResponse,
) )
), ),
tags( tags(
@@ -80,7 +101,8 @@ pub use middleware::{require_admin, require_family_access};
(name = "families", description = "Family management endpoints"), (name = "families", description = "Family management endpoints"),
(name = "categories", description = "Category management endpoints"), (name = "categories", description = "Category management endpoints"),
(name = "expenses", description = "Expense management endpoints"), (name = "expenses", description = "Expense management endpoints"),
(name = "shopping-items", description = "Shopping list management endpoints") (name = "shopping-items", description = "Shopping list management endpoints"),
(name = "invite-links", description = "Family invite link management endpoints")
), ),
info( info(
title = "Family Budget API", title = "Family Budget API",
@@ -114,7 +136,8 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
.expect("Failed to run session store migrations"); .expect("Failed to run session store migrations");
let session_layer = SessionManagerLayer::new(session_store) let session_layer = SessionManagerLayer::new(session_store)
.with_secure(false) .with_secure(true)
.with_same_site(SameSite::Lax)
.with_expiry(Expiry::OnInactivity(Duration::days(7))); .with_expiry(Expiry::OnInactivity(Duration::days(7)));
let backend = auth::AuthBackend { db: db.clone() }; let backend = auth::AuthBackend { db: db.clone() };
@@ -130,6 +153,23 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
let auth_routes = Router::new() let auth_routes = Router::new()
.route("/login", post(routes::auth::login)) .route("/login", post(routes::auth::login))
.route("/logout", post(routes::auth::logout)) .route("/logout", post(routes::auth::logout))
.route("/me", get(routes::auth::me))
.route("/my-family", post(routes::family::create_my_family))
.route("/auth/family-login", post(routes::auth::family_login))
.layer(auth_layer.clone())
.with_state(db.clone());
let oauth_routes = Router::new()
.route("/auth/google", get(routes::oauth::google_auth))
.route("/auth/google/callback", get(routes::oauth::google_callback))
.layer(auth_layer.clone())
.with_state(db.clone());
let invite_link_routes = Router::new()
.route("/my-family/invite-links", post(routes::invite_link::create_invite_link))
.route("/my-family/invite-links", get(routes::invite_link::get_my_invite_links))
.route("/my-family/invite-links/:token", delete(routes::invite_link::delete_invite_link))
.route("/invite/:token/join", post(routes::invite_link::join_family_via_invite))
.layer(auth_layer) .layer(auth_layer)
.with_state(db.clone()); .with_state(db.clone());
@@ -162,12 +202,15 @@ pub async fn create_app(db: DatabaseConnection) -> Result<Router, DbErr> {
.route("/families/:id", get(routes::family::get_family)) .route("/families/:id", get(routes::family::get_family))
.route("/families/:id", put(routes::family::update_family)) .route("/families/:id", put(routes::family::update_family))
.route("/families/:id/verify", post(routes::family::verify_family_password)) .route("/families/:id/verify", post(routes::family::verify_family_password))
.route("/invite/:token", get(routes::invite_link::validate_invite_link))
.layer(session_layer) .layer(session_layer)
.with_state(db); .with_state(db);
let api_routes = Router::new() let api_routes = Router::new()
.merge(admin_family_routes) .merge(admin_family_routes)
.merge(auth_routes) .merge(auth_routes)
.merge(oauth_routes)
.merge(invite_link_routes)
.merge(family_protected_routes) .merge(family_protected_routes)
.merge(public_routes); .merge(public_routes);

77
backend/src/migration/m20250116_000001_add_oauth_fields.rs Normal file
View File

@@ -0,0 +1,77 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.alter_table(
Table::alter()
.table(User::Table)
.add_column(ColumnDef::new(User::Email).string().unique_key())
.add_column(ColumnDef::new(User::GoogleId).string().unique_key())
.add_column(ColumnDef::new(User::FamilyId).integer())
.modify_column(ColumnDef::new(User::PasswordHash).string().null())
.modify_column(ColumnDef::new(User::Username).string().null())
.to_owned(),
)
.await?;
manager
.create_foreign_key(
ForeignKey::create()
.name("fk_user_family")
.from(User::Table, User::FamilyId)
.to(Family::Table, Family::Id)
.on_delete(ForeignKeyAction::SetNull)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_foreign_key(
ForeignKey::drop()
.name("fk_user_family")
.table(User::Table)
.to_owned(),
)
.await?;
manager
.alter_table(
Table::alter()
.table(User::Table)
.drop_column(User::Email)
.drop_column(User::GoogleId)
.drop_column(User::FamilyId)
.modify_column(ColumnDef::new(User::PasswordHash).string().not_null())
.modify_column(ColumnDef::new(User::Username).string().not_null())
.to_owned(),
)
.await?;
Ok(())
}
}
#[derive(DeriveIden)]
enum User {
Table,
Email,
GoogleId,
FamilyId,
PasswordHash,
Username,
}
#[derive(DeriveIden)]
enum Family {
Table,
Id,
}

98
backend/src/migration/m20250117_000001_create_invite_links.rs Normal file
View File

@@ -0,0 +1,98 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.create_table(
Table::create()
.table(InviteLink::Table)
.if_not_exists()
.col(
ColumnDef::new(InviteLink::Id)
.integer()
.not_null()
.auto_increment()
.primary_key(),
)
.col(ColumnDef::new(InviteLink::FamilyId).integer().not_null())
.col(
ColumnDef::new(InviteLink::Token)
.string()
.not_null()
.unique_key(),
)
.col(
ColumnDef::new(InviteLink::CreatedAt)
.timestamp()
.not_null()
.default(Expr::current_timestamp()),
)
.col(ColumnDef::new(InviteLink::ExpiresAt).timestamp())
.col(ColumnDef::new(InviteLink::MaxUses).integer())
.col(
ColumnDef::new(InviteLink::UsesCount)
.integer()
.not_null()
.default(0),
)
.col(
ColumnDef::new(InviteLink::CreatedBy)
.integer()
.not_null(),
)
.foreign_key(
ForeignKey::create()
.name("fk_invite_link_family")
.from(InviteLink::Table, InviteLink::FamilyId)
.to(Family::Table, Family::Id)
.on_delete(ForeignKeyAction::Cascade)
.on_update(ForeignKeyAction::Cascade),
)
.foreign_key(
ForeignKey::create()
.name("fk_invite_link_created_by")
.from(InviteLink::Table, InviteLink::CreatedBy)
.to(User::Table, User::Id)
.on_delete(ForeignKeyAction::Cascade)
.on_update(ForeignKeyAction::Cascade),
)
.to_owned(),
)
.await
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_table(Table::drop().table(InviteLink::Table).to_owned())
.await
}
}
#[derive(DeriveIden)]
enum InviteLink {
Table,
Id,
FamilyId,
Token,
CreatedAt,
ExpiresAt,
MaxUses,
UsesCount,
CreatedBy,
}
#[derive(DeriveIden)]
enum Family {
Table,
Id,
}
#[derive(DeriveIden)]
enum User {
Table,
Id,
}

4
backend/src/migration/mod.rs
View File

@@ -5,6 +5,8 @@ mod m20241209_000002_create_users;
mod m20241209_000003_seed_admin; mod m20241209_000003_seed_admin;
mod m20241215_000001_add_family_password; mod m20241215_000001_add_family_password;
mod m20241224_000001_create_shopping_items; mod m20241224_000001_create_shopping_items;
mod m20250116_000001_add_oauth_fields;
mod m20250117_000001_create_invite_links;
pub struct Migrator; pub struct Migrator;
@@ -17,6 +19,8 @@ impl MigratorTrait for Migrator {
Box::new(m20241209_000003_seed_admin::Migration), Box::new(m20241209_000003_seed_admin::Migration),
Box::new(m20241215_000001_add_family_password::Migration), Box::new(m20241215_000001_add_family_password::Migration),
Box::new(m20241224_000001_create_shopping_items::Migration), Box::new(m20241224_000001_create_shopping_items::Migration),
Box::new(m20250116_000001_add_oauth_fields::Migration),
Box::new(m20250117_000001_create_invite_links::Migration),
] ]
} }
} }

48
backend/src/models/invite_link.rs Normal file
View File

@@ -0,0 +1,48 @@
use sea_orm::entity::prelude::*;
use serde::{Deserialize, Serialize};
use utoipa::ToSchema;
#[derive(Clone, Debug, PartialEq, DeriveEntityModel, Serialize, Deserialize, ToSchema)]
#[sea_orm(table_name = "invite_link")]
pub struct Model {
#[sea_orm(primary_key)]
pub id: i32,
pub family_id: i32,
#[sea_orm(unique)]
pub token: String,
pub created_at: DateTime,
pub expires_at: Option<DateTime>,
pub max_uses: Option<i32>,
pub uses_count: i32,
pub created_by: i32,
}
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {
#[sea_orm(
belongs_to = "super::family::Entity",
from = "Column::FamilyId",
to = "super::family::Column::Id"
)]
Family,
#[sea_orm(
belongs_to = "super::user::Entity",
from = "Column::CreatedBy",
to = "super::user::Column::Id"
)]
User,
}
impl Related<super::family::Entity> for Entity {
fn to() -> RelationDef {
Relation::Family.def()
}
}
impl Related<super::user::Entity> for Entity {
fn to() -> RelationDef {
Relation::User.def()
}
}
impl ActiveModelBehavior for ActiveModel {}

2
backend/src/models/mod.rs
View File

@@ -3,9 +3,11 @@ pub mod category;
pub mod expense; pub mod expense;
pub mod user; pub mod user;
pub mod shopping_item; pub mod shopping_item;
pub mod invite_link;
pub use family::Entity as Family; pub use family::Entity as Family;
pub use category::Entity as Category; pub use category::Entity as Category;
pub use expense::Entity as Expense; pub use expense::Entity as Expense;
pub use user::Entity as User; pub use user::Entity as User;
pub use shopping_item::Entity as ShoppingItem; pub use shopping_item::Entity as ShoppingItem;
pub use invite_link::Entity as InviteLink;

26
backend/src/models/user.rs
View File

@@ -7,12 +7,32 @@ pub struct Model {
#[sea_orm(primary_key)] #[sea_orm(primary_key)]
pub id: i32, pub id: i32,
#[sea_orm(unique)] #[sea_orm(unique)]
pub username: String, pub username: Option<String>,
pub password_hash: String, #[serde(skip_serializing)]
pub password_hash: Option<String>,
pub is_admin: bool, pub is_admin: bool,
#[sea_orm(unique)]
pub email: Option<String>,
#[sea_orm(unique)]
#[serde(skip_serializing)]
pub google_id: Option<String>,
pub family_id: Option<i32>,
} }
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)] #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation {} pub enum Relation {
#[sea_orm(
belongs_to = "super::family::Entity",
from = "Column::FamilyId",
to = "super::family::Column::Id"
)]
Family,
}
impl Related<super::family::Entity> for Entity {
fn to() -> RelationDef {
Relation::Family.def()
}
}
impl ActiveModelBehavior for ActiveModel {} impl ActiveModelBehavior for ActiveModel {}

115
backend/src/routes/auth.rs
View File

@@ -1,12 +1,16 @@
use axum::{ use axum::{
extract::State,
http::StatusCode, http::StatusCode,
Json, Json,
}; };
use axum_login::AuthSession; use axum_login::AuthSession;
use sea_orm::{DatabaseConnection, EntityTrait, ColumnTrait, QueryFilter, ActiveModelTrait, Set};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use utoipa::ToSchema; use utoipa::ToSchema;
use crate::auth::{AuthBackend, Credentials}; use crate::auth::{AuthBackend, Credentials};
use crate::models::{user, User, family, Family};
use crate::services::FamilyService;
#[derive(Debug, Deserialize, ToSchema)] #[derive(Debug, Deserialize, ToSchema)]
pub struct LoginRequest { pub struct LoginRequest {
@@ -20,6 +24,15 @@ pub struct LoginResponse {
pub is_admin: bool, pub is_admin: bool,
} }
#[derive(Debug, Serialize, ToSchema)]
pub struct MeResponse {
pub id: i32,
pub username: Option<String>,
pub email: Option<String>,
pub is_admin: bool,
pub family_id: Option<i32>,
}
#[utoipa::path( #[utoipa::path(
post, post,
path = "/login", path = "/login",
@@ -72,3 +85,105 @@ pub async fn logout(
Ok(StatusCode::OK) Ok(StatusCode::OK)
} }
#[utoipa::path(
get,
path = "/me",
tag = "auth",
responses(
(status = 200, description = "Current user info", body = MeResponse),
(status = 401, description = "Not authenticated")
)
)]
pub async fn me(
auth_session: AuthSession<AuthBackend>,
) -> Result<Json<MeResponse>, StatusCode> {
let user = auth_session.user.ok_or(StatusCode::UNAUTHORIZED)?;
Ok(Json(MeResponse {
id: user.id,
username: user.username,
email: user.email,
is_admin: user.is_admin,
family_id: user.family_id,
}))
}
#[derive(Debug, Deserialize, ToSchema)]
pub struct FamilyLoginRequest {
pub family_name: String,
pub password: String,
}
#[derive(Debug, Serialize, ToSchema)]
pub struct FamilyLoginResponse {
pub success: bool,
pub family_id: i32,
}
#[utoipa::path(
post,
path = "/auth/family-login",
tag = "auth",
request_body = FamilyLoginRequest,
responses(
(status = 200, description = "Login successful", body = FamilyLoginResponse),
(status = 401, description = "Invalid credentials"),
(status = 404, description = "Family not found")
)
)]
pub async fn family_login(
mut auth_session: AuthSession<AuthBackend>,
State(db): State<DatabaseConnection>,
Json(payload): Json<FamilyLoginRequest>,
) -> Result<Json<FamilyLoginResponse>, StatusCode> {
let family = Family::find()
.filter(family::Column::Name.eq(&payload.family_name))
.one(&db)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
.ok_or(StatusCode::NOT_FOUND)?;
let valid = FamilyService::verify_password(&db, family.id, payload.password.clone())
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
if !valid {
return Err(StatusCode::UNAUTHORIZED);
}
let existing_member = User::find()
.filter(user::Column::FamilyId.eq(family.id))
.filter(user::Column::GoogleId.is_null())
.filter(user::Column::Username.eq(&payload.family_name))
.one(&db)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let member_user = if let Some(user) = existing_member {
user
} else {
let new_member = user::ActiveModel {
username: Set(Some(payload.family_name)),
email: Set(None),
google_id: Set(None),
password_hash: Set(None),
is_admin: Set(false),
family_id: Set(Some(family.id)),
..Default::default()
};
new_member.insert(&db)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
};
auth_session
.login(&member_user)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok(Json(FamilyLoginResponse {
success: true,
family_id: family.id,
}))
}

79
backend/src/routes/family.rs
View File

@@ -3,12 +3,15 @@ use axum::{
http::StatusCode, http::StatusCode,
Json, Json,
}; };
use sea_orm::DatabaseConnection; use axum_login::AuthSession;
use sea_orm::{DatabaseConnection, EntityTrait, ActiveModelTrait, Set};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use utoipa::ToSchema; use utoipa::ToSchema;
use tower_sessions::Session; use tower_sessions::Session;
use crate::auth::AuthBackend;
use crate::models::family::Model as FamilyModel; use crate::models::family::Model as FamilyModel;
use crate::models::{user, User};
use crate::services::FamilyService; use crate::services::FamilyService;
#[derive(Debug, Deserialize, ToSchema)] #[derive(Debug, Deserialize, ToSchema)]
@@ -18,6 +21,14 @@ pub struct CreateFamilyRequest {
pub password: String, pub password: String,
} }
#[derive(Debug, Deserialize, ToSchema)]
#[schema(example = json!({"name": "Smith Family", "password": "secret123"}))]
pub struct CreateMyFamilyRequest {
pub name: String,
#[serde(default)]
pub password: Option<String>,
}
#[derive(Debug, Deserialize, ToSchema)] #[derive(Debug, Deserialize, ToSchema)]
#[schema(example = json!({"password": "secret123"}))] #[schema(example = json!({"password": "secret123"}))]
pub struct VerifyFamilyPasswordRequest { pub struct VerifyFamilyPasswordRequest {
@@ -188,3 +199,69 @@ pub async fn verify_family_password(
Err(StatusCode::UNAUTHORIZED) Err(StatusCode::UNAUTHORIZED)
} }
} }
#[derive(Debug, Serialize, ToSchema)]
pub struct CreateMyFamilyResponse {
pub family: FamilyModel,
pub user_id: i32,
pub family_id: i32,
}
#[utoipa::path(
post,
path = "/my-family",
tag = "families",
request_body = CreateMyFamilyRequest,
responses(
(status = 200, description = "Family created and linked to user", body = CreateMyFamilyResponse),
(status = 401, description = "Not authenticated"),
(status = 409, description = "User already has a family"),
(status = 500, description = "Internal server error")
)
)]
pub async fn create_my_family(
auth_session: AuthSession<AuthBackend>,
session: Session,
State(db): State<DatabaseConnection>,
Json(payload): Json<CreateMyFamilyRequest>,
) -> Result<Json<CreateMyFamilyResponse>, StatusCode> {
let current_user = auth_session.user.ok_or(StatusCode::UNAUTHORIZED)?;
if current_user.family_id.is_some() {
return Err(StatusCode::CONFLICT);
}
let password = payload.password.unwrap_or_default();
let family = FamilyService::create(&db, payload.name, password)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let mut active_user: user::ActiveModel = User::find_by_id(current_user.id)
.one(&db)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
.ok_or(StatusCode::NOT_FOUND)?
.into();
active_user.family_id = Set(Some(family.id));
active_user.update(&db)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let mut authorized_families: Vec<i32> = session
.get("authorized_families")
.await
.unwrap_or(None)
.unwrap_or_default();
authorized_families.push(family.id);
session
.insert("authorized_families", authorized_families)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok(Json(CreateMyFamilyResponse {
family_id: family.id,
user_id: current_user.id,
family,
}))
}

289
backend/src/routes/invite_link.rs Normal file
View File

@@ -0,0 +1,289 @@
use axum::{
extract::{Path, State},
http::{StatusCode, HeaderMap},
Json,
};
use axum_login::AuthSession;
use sea_orm::DatabaseConnection;
use serde::{Deserialize, Serialize};
use tower_sessions::Session;
use utoipa::ToSchema;
use crate::auth::AuthBackend;
use crate::models::invite_link::Model as InviteLinkModel;
use crate::services::InviteLinkService;
#[derive(Debug, Deserialize, ToSchema)]
#[schema(example = json!({"expires_in_hours": 24, "max_uses": 5}))]
pub struct CreateInviteLinkRequest {
pub expires_in_hours: Option<i64>,
pub max_uses: Option<i32>,
}
#[derive(Debug, Serialize, ToSchema)]
pub struct InviteLinkResponse {
pub id: i32,
pub family_id: i32,
pub token: String,
pub invite_url: String,
pub expires_at: Option<String>,
pub max_uses: Option<i32>,
pub uses_count: i32,
}
#[derive(Debug, Serialize, ToSchema)]
pub struct ValidateInviteResponse {
pub valid: bool,
pub family_id: Option<i32>,
pub family_name: Option<String>,
}
#[derive(Debug, Serialize, ToSchema)]
pub struct JoinFamilyResponse {
pub success: bool,
pub family_id: i32,
pub message: String,
}
fn model_to_response(model: InviteLinkModel, base_url: &str) -> InviteLinkResponse {
InviteLinkResponse {
id: model.id,
family_id: model.family_id,
token: model.token.clone(),
invite_url: format!("{}/invite/{}", base_url, model.token),
expires_at: model.expires_at.map(|dt| dt.to_string()),
max_uses: model.max_uses,
uses_count: model.uses_count,
}
}
#[utoipa::path(
post,
path = "/my-family/invite-links",
tag = "invite-links",
request_body = CreateInviteLinkRequest,
responses(
(status = 200, description = "Invite link created", body = InviteLinkResponse),
(status = 401, description = "Not authenticated"),
(status = 403, description = "User has no family"),
(status = 500, description = "Internal server error")
)
)]
pub async fn create_invite_link(
auth_session: AuthSession<AuthBackend>,
headers: HeaderMap,
State(db): State<DatabaseConnection>,
Json(payload): Json<CreateInviteLinkRequest>,
) -> Result<Json<InviteLinkResponse>, StatusCode> {
let user = auth_session.user.ok_or(StatusCode::UNAUTHORIZED)?;
let family_id = user.family_id.ok_or(StatusCode::FORBIDDEN)?;
let expires_at = payload.expires_in_hours.map(|hours| {
chrono::Utc::now().naive_utc() + chrono::Duration::hours(hours)
});
let invite = InviteLinkService::create(&db, family_id, user.id, expires_at, payload.max_uses)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let base_url = headers
.get("origin")
.and_then(|v| v.to_str().ok())
.map(|s| s.to_string())
.unwrap_or_else(|| std::env::var("FRONTEND_URL").unwrap_or_else(|_| "http://localhost:5173".to_string()));
Ok(Json(model_to_response(invite, &base_url)))
}
#[utoipa::path(
get,
path = "/my-family/invite-links",
tag = "invite-links",
responses(
(status = 200, description = "List of invite links", body = Vec<InviteLinkResponse>),
(status = 401, description = "Not authenticated"),
(status = 403, description = "User has no family"),
(status = 500, description = "Internal server error")
)
)]
pub async fn get_my_invite_links(
auth_session: AuthSession<AuthBackend>,
headers: HeaderMap,
State(db): State<DatabaseConnection>,
) -> Result<Json<Vec<InviteLinkResponse>>, StatusCode> {
let user = auth_session.user.ok_or(StatusCode::UNAUTHORIZED)?;
let family_id = user.family_id.ok_or(StatusCode::FORBIDDEN)?;
let invites = InviteLinkService::find_by_family(&db, family_id)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let base_url = headers
.get("origin")
.and_then(|v| v.to_str().ok())
.map(|s| s.to_string())
.unwrap_or_else(|| std::env::var("FRONTEND_URL").unwrap_or_else(|_| "http://localhost:5173".to_string()));
let responses: Vec<InviteLinkResponse> = invites
.into_iter()
.map(|i| model_to_response(i, &base_url))
.collect();
Ok(Json(responses))
}
#[utoipa::path(
delete,
path = "/my-family/invite-links/{token}",
tag = "invite-links",
params(
("token" = String, Path, description = "Invite token")
),
responses(
(status = 204, description = "Invite link deleted"),
(status = 401, description = "Not authenticated"),
(status = 403, description = "User has no family or not authorized"),
(status = 404, description = "Invite link not found"),
(status = 500, description = "Internal server error")
)
)]
pub async fn delete_invite_link(
auth_session: AuthSession<AuthBackend>,
State(db): State<DatabaseConnection>,
Path(token): Path<String>,
) -> Result<StatusCode, StatusCode> {
let user = auth_session.user.ok_or(StatusCode::UNAUTHORIZED)?;
let family_id = user.family_id.ok_or(StatusCode::FORBIDDEN)?;
let invite = InviteLinkService::find_by_token(&db, &token)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
.ok_or(StatusCode::NOT_FOUND)?;
if invite.family_id != family_id {
return Err(StatusCode::FORBIDDEN);
}
InviteLinkService::delete_by_token(&db, &token)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok(StatusCode::NO_CONTENT)
}
#[utoipa::path(
get,
path = "/invite/{token}",
tag = "invite-links",
params(
("token" = String, Path, description = "Invite token")
),
responses(
(status = 200, description = "Invite link is valid", body = ValidateInviteResponse),
(status = 404, description = "Invite link not found or invalid"),
(status = 500, description = "Internal server error")
)
)]
pub async fn validate_invite_link(
State(db): State<DatabaseConnection>,
Path(token): Path<String>,
) -> Result<Json<ValidateInviteResponse>, StatusCode> {
use crate::models::Family;
use sea_orm::EntityTrait;
let invite = InviteLinkService::find_by_token(&db, &token)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
.ok_or(StatusCode::NOT_FOUND)?;
if let Some(expires_at) = invite.expires_at {
let now = chrono::Utc::now().naive_utc();
if now > expires_at {
return Ok(Json(ValidateInviteResponse {
valid: false,
family_id: None,
family_name: None,
}));
}
}
if let Some(max_uses) = invite.max_uses {
if invite.uses_count >= max_uses {
return Ok(Json(ValidateInviteResponse {
valid: false,
family_id: None,
family_name: None,
}));
}
}
let family = Family::find_by_id(invite.family_id)
.one(&db)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok(Json(ValidateInviteResponse {
valid: true,
family_id: Some(invite.family_id),
family_name: family.map(|f| f.name),
}))
}
#[utoipa::path(
post,
path = "/invite/{token}/join",
tag = "invite-links",
params(
("token" = String, Path, description = "Invite token")
),
responses(
(status = 200, description = "Successfully joined family", body = JoinFamilyResponse),
(status = 401, description = "Not authenticated"),
(status = 400, description = "User already in a family or invite invalid"),
(status = 404, description = "Invite link not found"),
(status = 500, description = "Internal server error")
)
)]
pub async fn join_family_via_invite(
auth_session: AuthSession<AuthBackend>,
session: Session,
State(db): State<DatabaseConnection>,
Path(token): Path<String>,
) -> Result<Json<JoinFamilyResponse>, StatusCode> {
let user = auth_session.user.ok_or(StatusCode::UNAUTHORIZED)?;
if user.family_id.is_some() {
return Ok(Json(JoinFamilyResponse {
success: false,
family_id: 0,
message: "You already belong to a family".to_string(),
}));
}
let invite = InviteLinkService::validate_and_use(&db, &token, user.id)
.await
.map_err(|e| match e {
sea_orm::DbErr::RecordNotFound(_) => StatusCode::NOT_FOUND,
sea_orm::DbErr::Custom(msg) if msg.contains("expired") => StatusCode::BAD_REQUEST,
sea_orm::DbErr::Custom(msg) if msg.contains("max uses") => StatusCode::BAD_REQUEST,
sea_orm::DbErr::Custom(msg) if msg.contains("already belongs") => StatusCode::BAD_REQUEST,
_ => StatusCode::INTERNAL_SERVER_ERROR,
})?;
let mut authorized_families: Vec<i32> = session
.get("authorized_families")
.await
.unwrap_or(None)
.unwrap_or_default();
if !authorized_families.contains(&invite.family_id) {
authorized_families.push(invite.family_id);
session
.insert("authorized_families", authorized_families)
.await
.ok();
}
Ok(Json(JoinFamilyResponse {
success: true,
family_id: invite.family_id,
message: "Successfully joined family".to_string(),
}))
}

2
backend/src/routes/mod.rs
View File

@@ -3,3 +3,5 @@ pub mod category;
pub mod expense; pub mod expense;
pub mod auth; pub mod auth;
pub mod shopping_item; pub mod shopping_item;
pub mod oauth;
pub mod invite_link;

140
backend/src/routes/oauth.rs Normal file
View File

@@ -0,0 +1,140 @@
use axum::{
extract::{Query, State},
http::StatusCode,
response::Redirect,
Json,
};
use axum_login::AuthSession;
use sea_orm::DatabaseConnection;
use serde::{Deserialize, Serialize};
use tower_sessions::Session;
use utoipa::ToSchema;
use crate::auth::AuthBackend;
use crate::services::OAuthService;
const CSRF_TOKEN_KEY: &str = "oauth_csrf_token";
const FRONTEND_URL_KEY: &str = "oauth_frontend_url";
#[derive(Debug, Deserialize, ToSchema)]
pub struct GoogleAuthQuery {
pub redirect_url: Option<String>,
}
#[derive(Debug, Deserialize)]
pub struct GoogleCallbackQuery {
pub code: String,
pub state: String,
}
#[derive(Debug, Serialize, ToSchema)]
pub struct OAuthUrlResponse {
pub url: String,
}
#[utoipa::path(
get,
path = "/auth/google",
tag = "auth",
params(
("redirect_url" = Option<String>, Query, description = "Frontend URL to redirect after auth")
),
responses(
(status = 200, description = "Returns Google OAuth URL", body = OAuthUrlResponse)
)
)]
pub async fn google_auth(
session: Session,
Query(query): Query<GoogleAuthQuery>,
) -> Result<Json<OAuthUrlResponse>, StatusCode> {
let oauth_service = OAuthService::new();
let (auth_url, csrf_token) = oauth_service.get_auth_url();
session
.insert(CSRF_TOKEN_KEY, csrf_token.secret().clone())
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
if let Some(redirect_url) = query.redirect_url {
session
.insert(FRONTEND_URL_KEY, redirect_url)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
}
Ok(Json(OAuthUrlResponse { url: auth_url }))
}
#[utoipa::path(
get,
path = "/auth/google/callback",
tag = "auth",
responses(
(status = 302, description = "Redirects to frontend after successful auth"),
(status = 401, description = "Authentication failed")
)
)]
pub async fn google_callback(
mut auth_session: AuthSession<AuthBackend>,
session: Session,
State(db): State<DatabaseConnection>,
Query(query): Query<GoogleCallbackQuery>,
) -> Result<Redirect, StatusCode> {
let stored_csrf: Option<String> = session
.get(CSRF_TOKEN_KEY)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let frontend_url: Option<String> = session
.get(FRONTEND_URL_KEY)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
session.remove::<String>(CSRF_TOKEN_KEY).await.ok();
session.remove::<String>(FRONTEND_URL_KEY).await.ok();
if stored_csrf.as_deref() != Some(&query.state) {
return Err(StatusCode::UNAUTHORIZED);
}
let oauth_service = OAuthService::new();
let access_token = oauth_service
.exchange_code(query.code)
.await
.map_err(|_| StatusCode::UNAUTHORIZED)?;
let google_user = oauth_service
.get_user_info(&access_token)
.await
.map_err(|_| StatusCode::UNAUTHORIZED)?;
let user = oauth_service
.find_or_create_user(&db, google_user)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
auth_session
.login(&user)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
if let Some(family_id) = user.family_id {
let mut authorized_families: Vec<i32> = session
.get("authorized_families")
.await
.unwrap_or(None)
.unwrap_or_default();
if !authorized_families.contains(&family_id) {
authorized_families.push(family_id);
session
.insert("authorized_families", authorized_families)
.await
.ok();
}
}
let redirect_url = frontend_url.unwrap_or_else(|| "http://localhost:3000".to_string());
Ok(Redirect::temporary(&redirect_url))
}

121
backend/src/services/invite_link_service.rs Normal file
View File

@@ -0,0 +1,121 @@
use sea_orm::*;
use rand::distributions::Alphanumeric;
use rand::Rng;
use crate::models::invite_link::{self, Entity as InviteLink, Model as InviteLinkModel};
use crate::models::{user, User};
pub struct InviteLinkService;
impl InviteLinkService {
pub fn generate_token() -> String {
rand::thread_rng()
.sample_iter(&Alphanumeric)
.take(32)
.map(char::from)
.collect()
}
pub async fn create(
db: &DatabaseConnection,
family_id: i32,
created_by: i32,
expires_at: Option<chrono::NaiveDateTime>,
max_uses: Option<i32>,
) -> Result<InviteLinkModel, DbErr> {
let token = Self::generate_token();
let invite = invite_link::ActiveModel {
family_id: Set(family_id),
token: Set(token),
created_by: Set(created_by),
expires_at: Set(expires_at),
max_uses: Set(max_uses),
..Default::default()
};
invite.insert(db).await
}
pub async fn find_by_token(
db: &DatabaseConnection,
token: &str,
) -> Result<Option<InviteLinkModel>, DbErr> {
InviteLink::find()
.filter(invite_link::Column::Token.eq(token))
.one(db)
.await
}
pub async fn find_by_family(
db: &DatabaseConnection,
family_id: i32,
) -> Result<Vec<InviteLinkModel>, DbErr> {
InviteLink::find()
.filter(invite_link::Column::FamilyId.eq(family_id))
.all(db)
.await
}
pub async fn validate_and_use(
db: &DatabaseConnection,
token: &str,
user_id: i32,
) -> Result<InviteLinkModel, DbErr> {
let invite = InviteLink::find()
.filter(invite_link::Column::Token.eq(token))
.one(db)
.await?
.ok_or(DbErr::RecordNotFound("Invite link not found".to_string()))?;
if let Some(expires_at) = invite.expires_at {
let now = chrono::Utc::now().naive_utc();
if now > expires_at {
return Err(DbErr::Custom("Invite link has expired".to_string()));
}
}
if let Some(max_uses) = invite.max_uses {
if invite.uses_count >= max_uses {
return Err(DbErr::Custom("Invite link has reached max uses".to_string()));
}
}
let user = User::find_by_id(user_id)
.one(db)
.await?
.ok_or(DbErr::RecordNotFound("User not found".to_string()))?;
if user.family_id.is_some() {
return Err(DbErr::Custom("User already belongs to a family".to_string()));
}
let mut active_user: user::ActiveModel = user.into();
active_user.family_id = Set(Some(invite.family_id));
active_user.update(db).await?;
let mut active_invite: invite_link::ActiveModel = invite.clone().into();
active_invite.uses_count = Set(invite.uses_count + 1);
active_invite.update(db).await
}
pub async fn delete(db: &DatabaseConnection, id: i32) -> Result<DeleteResult, DbErr> {
let invite = InviteLink::find_by_id(id)
.one(db)
.await?
.ok_or(DbErr::RecordNotFound("Invite link not found".to_string()))?;
let invite: invite_link::ActiveModel = invite.into();
invite.delete(db).await
}
pub async fn delete_by_token(db: &DatabaseConnection, token: &str) -> Result<DeleteResult, DbErr> {
let invite = InviteLink::find()
.filter(invite_link::Column::Token.eq(token))
.one(db)
.await?
.ok_or(DbErr::RecordNotFound("Invite link not found".to_string()))?;
let invite: invite_link::ActiveModel = invite.into();
invite.delete(db).await
}
}

4
backend/src/services/mod.rs
View File

@@ -2,8 +2,12 @@ pub mod family_service;
pub mod category_service; pub mod category_service;
pub mod expense_service; pub mod expense_service;
pub mod shopping_item_service; pub mod shopping_item_service;
pub mod oauth_service;
pub mod invite_link_service;
pub use family_service::FamilyService; pub use family_service::FamilyService;
pub use category_service::CategoryService; pub use category_service::CategoryService;
pub use expense_service::ExpenseService; pub use expense_service::ExpenseService;
pub use shopping_item_service::ShoppingItemService; pub use shopping_item_service::ShoppingItemService;
pub use oauth_service::OAuthService;
pub use invite_link_service::InviteLinkService;

148
backend/src/services/oauth_service.rs Normal file
View File

@@ -0,0 +1,148 @@
use oauth2::{
basic::BasicClient, AuthUrl, ClientId, ClientSecret, RedirectUrl, TokenUrl,
AuthorizationCode, TokenResponse, Scope, CsrfToken,
};
use reqwest::Client as HttpClient;
use sea_orm::{DatabaseConnection, EntityTrait, ColumnTrait, QueryFilter, ActiveModelTrait, Set};
use serde::Deserialize;
use crate::models::{user, User};
#[derive(Debug, Deserialize)]
pub struct GoogleUserInfo {
pub id: String,
pub email: String,
pub name: Option<String>,
}
pub struct OAuthService {
http_client: HttpClient,
}
impl OAuthService {
pub fn new() -> Self {
Self {
http_client: HttpClient::new(),
}
}
pub fn get_auth_url(&self) -> (String, CsrfToken) {
let client_id = std::env::var("GOOGLE_CLIENT_ID")
.expect("GOOGLE_CLIENT_ID must be set");
let client_secret = std::env::var("GOOGLE_CLIENT_SECRET")
.expect("GOOGLE_CLIENT_SECRET must be set");
let redirect_url = std::env::var("GOOGLE_REDIRECT_URL")
.unwrap_or_else(|_| "http://localhost:8080/api/auth/google/callback".to_string());
let client = BasicClient::new(ClientId::new(client_id))
.set_client_secret(ClientSecret::new(client_secret))
.set_auth_uri(AuthUrl::new("https://accounts.google.com/o/oauth2/v2/auth".to_string()).unwrap())
.set_token_uri(TokenUrl::new("https://oauth2.googleapis.com/token".to_string()).unwrap())
.set_redirect_uri(RedirectUrl::new(redirect_url).unwrap());
let (auth_url, csrf_token) = client
.authorize_url(CsrfToken::new_random)
.add_scope(Scope::new("openid".to_string()))
.add_scope(Scope::new("email".to_string()))
.add_scope(Scope::new("profile".to_string()))
.url();
(auth_url.to_string(), csrf_token)
}
pub async fn exchange_code(&self, code: String) -> Result<String, OAuthError> {
let client_id = std::env::var("GOOGLE_CLIENT_ID")
.expect("GOOGLE_CLIENT_ID must be set");
let client_secret = std::env::var("GOOGLE_CLIENT_SECRET")
.expect("GOOGLE_CLIENT_SECRET must be set");
let redirect_url = std::env::var("GOOGLE_REDIRECT_URL")
.unwrap_or_else(|_| "http://localhost:8080/api/auth/google/callback".to_string());
let client = BasicClient::new(ClientId::new(client_id))
.set_client_secret(ClientSecret::new(client_secret))
.set_auth_uri(AuthUrl::new("https://accounts.google.com/o/oauth2/v2/auth".to_string()).unwrap())
.set_token_uri(TokenUrl::new("https://oauth2.googleapis.com/token".to_string()).unwrap())
.set_redirect_uri(RedirectUrl::new(redirect_url).unwrap());
let http_client = oauth2::reqwest::ClientBuilder::new()
.build()
.map_err(|e| OAuthError::TokenExchange(e.to_string()))?;
let token = client
.exchange_code(AuthorizationCode::new(code))
.request_async(&http_client)
.await
.map_err(|e: oauth2::RequestTokenError<_, _>| OAuthError::TokenExchange(e.to_string()))?;
Ok(token.access_token().secret().clone())
}
pub async fn get_user_info(&self, access_token: &str) -> Result<GoogleUserInfo, OAuthError> {
let response = self.http_client
.get("https://www.googleapis.com/oauth2/v2/userinfo")
.bearer_auth(access_token)
.send()
.await
.map_err(|e| OAuthError::UserInfo(e.to_string()))?;
response
.json::<GoogleUserInfo>()
.await
.map_err(|e| OAuthError::UserInfo(e.to_string()))
}
pub async fn find_or_create_user(
&self,
db: &DatabaseConnection,
google_user: GoogleUserInfo,
) -> Result<user::Model, OAuthError> {
let existing = User::find()
.filter(user::Column::GoogleId.eq(&google_user.id))
.one(db)
.await
.map_err(|e| OAuthError::Database(e.to_string()))?;
if let Some(user) = existing {
return Ok(user);
}
let existing_by_email = User::find()
.filter(user::Column::Email.eq(&google_user.email))
.one(db)
.await
.map_err(|e| OAuthError::Database(e.to_string()))?;
if let Some(user) = existing_by_email {
let mut active: user::ActiveModel = user.into();
active.google_id = Set(Some(google_user.id));
let updated = active.update(db).await
.map_err(|e| OAuthError::Database(e.to_string()))?;
return Ok(updated);
}
let new_user = user::ActiveModel {
email: Set(Some(google_user.email)),
google_id: Set(Some(google_user.id)),
username: Set(google_user.name),
password_hash: Set(None),
is_admin: Set(false),
family_id: Set(None),
..Default::default()
};
let created = new_user.insert(db).await
.map_err(|e| OAuthError::Database(e.to_string()))?;
Ok(created)
}
}
#[derive(Debug, thiserror::Error)]
pub enum OAuthError {
#[error("Token exchange failed: {0}")]
TokenExchange(String),
#[error("Failed to get user info: {0}")]
UserInfo(String),
#[error("Database error: {0}")]
Database(String),
}

10
docker-compose.prod.yml
View File

@@ -1,5 +1,3 @@
version: '3.8'
services: services:
postgres: postgres:
image: postgres:16-alpine image: postgres:16-alpine
@@ -14,6 +12,7 @@ services:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
networks: networks:
- app_network - app_network
restart: unless-stopped
backend: backend:
image: ghcr.io/${OWNER:-${COMPOSE_PROJECT_NAME}}/family_budget-backend:latest image: ghcr.io/${OWNER:-${COMPOSE_PROJECT_NAME}}/family_budget-backend:latest
@@ -22,10 +21,15 @@ services:
DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB} DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}
RUST_LOG: ${RUST_LOG:-info} RUST_LOG: ${RUST_LOG:-info}
ALLOWED_ORIGINS: ${ALLOWED_ORIGINS:-http://localhost:3000,http://localhost:5173} ALLOWED_ORIGINS: ${ALLOWED_ORIGINS:-http://localhost:3000,http://localhost:5173}
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
GOOGLE_REDIRECT_URL: ${GOOGLE_REDIRECT_URL}
FRONTEND_URL: ${FRONTEND_URL:-https://family-budget.duckdns.org}
depends_on: depends_on:
- postgres - postgres
networks: networks:
- app_network - app_network
restart: unless-stopped
frontend: frontend:
image: ghcr.io/${OWNER:-${COMPOSE_PROJECT_NAME}}/family_budget-frontend:latest image: ghcr.io/${OWNER:-${COMPOSE_PROJECT_NAME}}/family_budget-frontend:latest
@@ -34,6 +38,7 @@ services:
- backend - backend
networks: networks:
- app_network - app_network
restart: unless-stopped
nginx: nginx:
image: nginx:alpine image: nginx:alpine
@@ -66,6 +71,7 @@ services:
container_name: family_budget_watchtower container_name: family_budget_watchtower
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ./docker-config.json:/config.json:ro
environment: environment:
- WATCHTOWER_POLL_INTERVAL=300 - WATCHTOWER_POLL_INTERVAL=300
- WATCHTOWER_CLEANUP=true - WATCHTOWER_CLEANUP=true

81
frontend/src/App.tsx
View File

@@ -1,16 +1,83 @@
import { BrowserRouter, Routes, Route } from 'react-router-dom'; import { useEffect } from 'react';
import Home from './pages/Home'; import { BrowserRouter, Routes, Route, Navigate, useLocation } from 'react-router-dom';
import Login from './pages/Login';
import FamilyView from './pages/FamilyView'; import FamilyView from './pages/FamilyView';
import AdminPanel from './pages/AdminPanel'; import AdminPanel from './pages/AdminPanel';
import NoFamily from './pages/NoFamily';
import InvitePage from './pages/InvitePage';
import { useStore } from './store/useStore';
import { authApi } from './api/client';
import { Loader2 } from 'lucide-react';
function AppContent() {
const { user, isAuthenticated, isLoading, setUser, setIsLoading } = useStore();
const location = useLocation();
useEffect(() => {
checkAuth();
}, []);
const checkAuth = async () => {
try {
const response = await authApi.me();
setUser(response.data);
} catch {
setUser(null);
} finally {
setIsLoading(false);
}
};
if (location.pathname.startsWith('/invite/')) {
return (
<Routes>
<Route path="/invite/:token" element={<InvitePage />} />
</Routes>
);
}
if (isLoading) {
return (
<div className="min-h-screen flex items-center justify-center gradient-bg">
<div className="flex items-center gap-3 text-white">
<Loader2 className="w-8 h-8 animate-spin" />
<span className="text-xl font-medium">Загрузка...</span>
</div>
</div>
);
}
if (!isAuthenticated) {
return (
<Routes>
<Route path="*" element={<Login />} />
</Routes>
);
}
if (!user?.family_id) {
return (
<Routes>
<Route path="/adminpanel" element={<AdminPanel />} />
<Route path="*" element={<NoFamily />} />
</Routes>
);
}
return (
<Routes>
<Route path="/" element={<Navigate to={`/family/${user.family_id}`} replace />} />
<Route path="/family/:familyId" element={<FamilyView />} />
<Route path="/adminpanel" element={<AdminPanel />} />
<Route path="*" element={<Navigate to={`/family/${user.family_id}`} replace />} />
</Routes>
);
}
function App() { function App() {
return ( return (
<BrowserRouter> <BrowserRouter>
<Routes> <AppContent />
<Route path="/" element={<Home />} />
<Route path="/family/:familyId" element={<FamilyView />} />
<Route path="/adminpanel" element={<AdminPanel />} />
</Routes>
</BrowserRouter> </BrowserRouter>
); );
} }

36
frontend/src/api/client.ts
View File

@@ -7,6 +7,8 @@ import type {
LoginRequest, LoginRequest,
LoginResponse, LoginResponse,
CreateFamilyRequest, CreateFamilyRequest,
CreateMyFamilyRequest,
CreateMyFamilyResponse,
CreateCategoryRequest, CreateCategoryRequest,
CreateExpenseRequest, CreateExpenseRequest,
VerifyFamilyPasswordRequest, VerifyFamilyPasswordRequest,
@@ -16,6 +18,12 @@ import type {
UpdateShoppingItemRequest, UpdateShoppingItemRequest,
MarkAsPurchasedRequest, MarkAsPurchasedRequest,
BulkOperationResponse, BulkOperationResponse,
User,
OAuthUrlResponse,
CreateInviteLinkRequest,
InviteLinkResponse,
ValidateInviteResponse,
JoinFamilyResponse,
} from '../types'; } from '../types';
const API_BASE_URL = import.meta.env.VITE_API_BASE_URL || ''; const API_BASE_URL = import.meta.env.VITE_API_BASE_URL || '';
@@ -31,6 +39,14 @@ export const authApi = {
logout: () => logout: () =>
apiClient.post('/logout'), apiClient.post('/logout'),
me: () =>
apiClient.get<User>('/me'),
getGoogleAuthUrl: (redirectUrl?: string) =>
apiClient.get<OAuthUrlResponse>('/auth/google', {
params: redirectUrl ? { redirect_url: redirectUrl } : undefined,
}),
}; };
export const familyApi = { export const familyApi = {
@@ -43,6 +59,9 @@ export const familyApi = {
create: (data: CreateFamilyRequest) => create: (data: CreateFamilyRequest) =>
apiClient.post<Family>('/families', data), apiClient.post<Family>('/families', data),
createMyFamily: (data: CreateMyFamilyRequest) =>
apiClient.post<CreateMyFamilyResponse>('/my-family', data),
update: (id: number, data: { name: string }) => update: (id: number, data: { name: string }) =>
apiClient.put<Family>(`/families/${id}`, data), apiClient.put<Family>(`/families/${id}`, data),
@@ -118,3 +137,20 @@ export const shoppingItemApi = {
clearAll: (familyId: number) => clearAll: (familyId: number) =>
apiClient.delete<BulkOperationResponse>(`/families/${familyId}/shopping-items/clear-all`), apiClient.delete<BulkOperationResponse>(`/families/${familyId}/shopping-items/clear-all`),
}; };
export const inviteLinkApi = {
create: (data: CreateInviteLinkRequest) =>
apiClient.post<InviteLinkResponse>('/my-family/invite-links', data),
getMyLinks: () =>
apiClient.get<InviteLinkResponse[]>('/my-family/invite-links'),
delete: (token: string) =>
apiClient.delete(`/my-family/invite-links/${token}`),
validate: (token: string) =>
apiClient.get<ValidateInviteResponse>(`/invite/${token}`),
join: (token: string) =>
apiClient.post<JoinFamilyResponse>(`/invite/${token}/join`),
};

108
frontend/src/pages/AdminPanel.tsx
View File

@@ -10,57 +10,25 @@ import {
Plus, Plus,
Trash2, Trash2,
Lock, Lock,
User,
ArrowLeft, ArrowLeft,
X,
} from 'lucide-react'; } from 'lucide-react';
export default function AdminPanel() { export default function AdminPanel() {
const navigate = useNavigate(); const navigate = useNavigate();
const { isAdmin, setIsAdmin, logout: storeLogout } = useStore(); const { user, logout: storeLogout } = useStore();
const [isAuthenticated, setIsAuthenticated] = useState(false);
const [username, setUsername] = useState('');
const [password, setPassword] = useState('');
const [loginError, setLoginError] = useState('');
const [newFamilyName, setNewFamilyName] = useState(''); const [newFamilyName, setNewFamilyName] = useState('');
const [newFamilyPassword, setNewFamilyPassword] = useState(''); const [newFamilyPassword, setNewFamilyPassword] = useState('');
const [families, setFamilies] = useState<Array<{ id: number; name: string }>>([]); const [families, setFamilies] = useState<Array<{ id: number; name: string }>>([]);
useEffect(() => { useEffect(() => {
if (isAdmin) { loadFamilies();
setIsAuthenticated(true); }, []);
loadFamilies();
}
}, [isAdmin]);
const handleLogin = async (e: React.FormEvent) => {
e.preventDefault();
setLoginError('');
try {
const response = await authApi.login({ username, password });
if (response.data.success && response.data.is_admin) {
setIsAdmin(true);
setIsAuthenticated(true);
loadFamilies();
} else {
setLoginError('Доступ запрещен. Требуются права администратора.');
}
} catch (err) {
setLoginError('Неверные учетные данные');
console.error(err);
}
};
const handleLogout = async () => { const handleLogout = async () => {
try { try {
await authApi.logout(); await authApi.logout();
storeLogout(); storeLogout();
setIsAuthenticated(false);
setUsername('');
setPassword('');
navigate('/'); navigate('/');
} catch (err) { } catch (err) {
console.error('Logout error:', err); console.error('Logout error:', err);
@@ -105,78 +73,28 @@ export default function AdminPanel() {
} }
}; };
if (!isAuthenticated) { if (!user?.is_admin) {
return ( return (
<div className="min-h-screen gradient-bg flex items-center justify-center py-8 sm:py-12 px-4"> <div className="min-h-screen gradient-bg flex items-center justify-center py-8 sm:py-12 px-4">
<div className="max-w-md w-full"> <div className="max-w-md w-full">
<div className="glass-effect rounded-2xl shadow-2xl p-6 sm:p-8"> <div className="glass-effect rounded-2xl shadow-2xl p-6 sm:p-8 text-center">
<div className="flex items-center justify-center mb-6"> <div className="flex items-center justify-center mb-6">
<div className="p-4 bg-linear-to-br from-purple-500 to-blue-500 text-white rounded-2xl"> <div className="p-4 bg-linear-to-br from-red-500 to-orange-500 text-white rounded-2xl">
<Shield className="w-10 h-10 sm:w-12 sm:h-12" /> <Shield className="w-10 h-10 sm:w-12 sm:h-12" />
</div> </div>
</div> </div>
<h1 className="text-2xl sm:text-3xl font-bold text-gray-900 mb-2 text-center"> <h1 className="text-2xl sm:text-3xl font-bold text-gray-900 mb-2">
Админ панель Доступ запрещен
</h1> </h1>
<p className="text-gray-600 text-center mb-6 text-sm sm:text-base"> <p className="text-gray-600 mb-6 text-sm sm:text-base">
Войдите для управления системой Требуются права администратора
</p> </p>
{loginError && (
<div className="mb-4 p-3 bg-red-100 border-l-4 border-red-500 text-red-700 rounded">
<div className="flex items-center gap-2">
<X className="w-4 h-4 flex-shrink-0" />
<span className="text-sm">{loginError}</span>
</div>
</div>
)}
<form onSubmit={handleLogin} className="space-y-4">
<div>
<label className="flex items-center gap-2 text-sm font-medium text-gray-700 mb-2">
<User className="w-4 h-4" />
Логин
</label>
<input
type="text"
value={username}
onChange={(e) => setUsername(e.target.value)}
className="w-full px-4 py-2.5 sm:py-3 border-2 border-gray-300 rounded-xl focus:ring-2 focus:ring-purple-500 focus:border-purple-500 transition-all text-sm sm:text-base"
placeholder="Введите логин"
required
/>
</div>
<div>
<label className="flex items-center gap-2 text-sm font-medium text-gray-700 mb-2">
<Lock className="w-4 h-4" />
Пароль
</label>
<input
type="password"
value={password}
onChange={(e) => setPassword(e.target.value)}
className="w-full px-4 py-2.5 sm:py-3 border-2 border-gray-300 rounded-xl focus:ring-2 focus:ring-purple-500 focus:border-purple-500 transition-all text-sm sm:text-base"
placeholder="Введите пароль"
required
/>
</div>
<button
type="submit"
className="w-full flex items-center justify-center gap-2 px-4 py-2.5 sm:py-3 bg-linear-to-r from-purple-600 to-blue-600 text-white rounded-xl hover:shadow-lg transition-all duration-300 font-medium text-sm sm:text-base"
>
<Shield className="w-4 h-4 sm:w-5 sm:h-5" />
Войти
</button>
</form>
<button <button
onClick={() => navigate('/')} onClick={() => navigate('/')}
className="w-full mt-4 flex items-center justify-center gap-2 px-4 py-2.5 sm:py-3 bg-gray-200 hover:bg-gray-300 text-gray-700 rounded-xl transition-all duration-300 font-medium text-sm sm:text-base" className="w-full flex items-center justify-center gap-2 px-4 py-3 bg-gray-200 hover:bg-gray-300 text-gray-700 rounded-xl transition-all duration-300 font-medium"
> >
<ArrowLeft className="w-4 h-4 sm:w-5 sm:h-5" /> <ArrowLeft className="w-5 h-5" />
На главную Назад
</button> </button>
</div> </div>
</div> </div>

126
frontend/src/pages/FamilyView.tsx
View File

@@ -1,10 +1,9 @@
import { useEffect, useState } from 'react'; import { useEffect, useState } from 'react';
import { useParams, useNavigate } from 'react-router-dom'; import { useParams, useNavigate } from 'react-router-dom';
import { categoryApi, expenseApi } from '../api/client'; import { categoryApi, expenseApi, inviteLinkApi } from '../api/client';
import { useStore } from '../store/useStore'; import { useStore } from '../store/useStore';
import type { Category, Expense } from '../types'; import type { Category, Expense, InviteLinkResponse } from '../types';
import { import {
ArrowLeft,
Wallet, Wallet,
TrendingDown, TrendingDown,
Plus, Plus,
@@ -18,6 +17,9 @@ import {
Calendar, Calendar,
MessageSquare, MessageSquare,
ShoppingCart, ShoppingCart,
UserPlus,
Copy,
Check,
} from 'lucide-react'; } from 'lucide-react';
import ShoppingListModal from '../components/ShoppingListModal'; import ShoppingListModal from '../components/ShoppingListModal';
@@ -42,6 +44,10 @@ export default function FamilyView() {
const [showHistory, setShowHistory] = useState<number | null>(null); const [showHistory, setShowHistory] = useState<number | null>(null);
const [categoryExpenses, setCategoryExpenses] = useState<Expense[]>([]); const [categoryExpenses, setCategoryExpenses] = useState<Expense[]>([]);
const [showShoppingList, setShowShoppingList] = useState(false); const [showShoppingList, setShowShoppingList] = useState(false);
const [showInviteModal, setShowInviteModal] = useState(false);
const [inviteLink, setInviteLink] = useState<InviteLinkResponse | null>(null);
const [inviteLoading, setInviteLoading] = useState(false);
const [copied, setCopied] = useState(false);
useEffect(() => { useEffect(() => {
if (!familyId) { if (!familyId) {
@@ -180,6 +186,36 @@ export default function FamilyView() {
} }
}; };
const handleCreateInviteLink = async () => {
try {
setInviteLoading(true);
const response = await inviteLinkApi.create({ expires_in_hours: 168 });
setInviteLink(response.data);
} catch (err) {
alert('Ошибка создания ссылки-приглашения');
console.error(err);
} finally {
setInviteLoading(false);
}
};
const handleCopyInviteLink = async () => {
if (!inviteLink) return;
try {
await navigator.clipboard.writeText(inviteLink.invite_url);
setCopied(true);
setTimeout(() => setCopied(false), 2000);
} catch (err) {
console.error('Failed to copy:', err);
}
};
const handleOpenInviteModal = () => {
setShowInviteModal(true);
setInviteLink(null);
setCopied(false);
};
if (loading) { if (loading) {
return ( return (
<div className="min-h-screen flex items-center justify-center gradient-bg"> <div className="min-h-screen flex items-center justify-center gradient-bg">
@@ -230,11 +266,11 @@ export default function FamilyView() {
<div className="max-w-5xl mx-auto"> <div className="max-w-5xl mx-auto">
<div className="mb-6 sm:mb-8"> <div className="mb-6 sm:mb-8">
<button <button
onClick={() => navigate('/')} onClick={handleOpenInviteModal}
className="inline-flex items-center gap-2 px-4 py-2 bg-white/20 hover:bg-white/30 text-white rounded-2xl backdrop-blur-md mb-6 transition-all duration-300 group" className="inline-flex items-center gap-2 px-4 py-2 bg-white/20 hover:bg-white/30 text-white rounded-2xl backdrop-blur-md mb-6 transition-all duration-300 group"
> >
<ArrowLeft className="w-5 h-5 group-hover:-translate-x-1 transition-transform" /> <UserPlus className="w-5 h-5 group-hover:scale-110 transition-transform" />
<span className="font-medium">Назад к списку семей</span> <span className="font-medium">Пригласить участника</span>
</button> </button>
<div className="text-center"> <div className="text-center">
<div className="inline-flex p-4 bg-white/20 backdrop-blur-md rounded-2xl mb-4"> <div className="inline-flex p-4 bg-white/20 backdrop-blur-md rounded-2xl mb-4">
@@ -527,6 +563,84 @@ export default function FamilyView() {
onClose={() => setShowShoppingList(false)} onClose={() => setShowShoppingList(false)}
/> />
)} )}
{showInviteModal && (
<div className="fixed inset-0 bg-black/60 backdrop-blur-sm flex items-center justify-center z-50 p-4">
<div className="bg-white rounded-3xl shadow-2xl w-full max-w-md p-6 sm:p-8">
<div className="flex items-center justify-between mb-6">
<div className="flex items-center gap-3">
<div className="p-3 bg-gradient-to-br from-purple-500 to-blue-500 rounded-2xl">
<UserPlus className="w-6 h-6 text-white" />
</div>
<h2 className="text-xl font-bold text-gray-800">Пригласить участника</h2>
</div>
<button
onClick={() => setShowInviteModal(false)}
className="p-2 hover:bg-gray-100 rounded-xl transition-all"
>
<X className="w-5 h-5 text-gray-500" />
</button>
</div>
{!inviteLink ? (
<div className="text-center">
<p className="text-gray-600 mb-6">
Создайте ссылку-приглашение, чтобы добавить нового участника в семью.
Ссылка будет действительна 7 дней.
</p>
<button
onClick={handleCreateInviteLink}
disabled={inviteLoading}
className="w-full flex items-center justify-center gap-2 px-6 py-4 bg-gradient-to-r from-purple-600 to-blue-600 text-white rounded-2xl hover:shadow-xl transition-all font-semibold disabled:opacity-50"
>
{inviteLoading ? (
<>
<Loader2 className="w-5 h-5 animate-spin" />
Создание...
</>
) : (
<>
<UserPlus className="w-5 h-5" />
Создать ссылку
</>
)}
</button>
</div>
) : (
<div>
<p className="text-gray-600 mb-4 text-center">
Отправьте эту ссылку участнику, которого хотите пригласить:
</p>
<div className="bg-gray-100 rounded-2xl p-4 mb-4">
<p className="text-sm text-gray-800 break-all font-mono">
{inviteLink.invite_url}
</p>
</div>
<button
onClick={handleCopyInviteLink}
className={`w-full flex items-center justify-center gap-2 px-6 py-4 rounded-2xl transition-all font-semibold ${
copied
? 'bg-green-500 text-white'
: 'bg-gradient-to-r from-purple-600 to-blue-600 text-white hover:shadow-xl'
}`}
>
{copied ? (
<>
<Check className="w-5 h-5" />
Скопировано!
</>
) : (
<>
<Copy className="w-5 h-5" />
Скопировать ссылку
</>
)}
</button>
</div>
)}
</div>
</div>
)}
</div> </div>
); );
} }

230
frontend/src/pages/Home.tsx
View File

@@ -1,230 +0,0 @@
import { useEffect, useState } from 'react';
import { useNavigate } from 'react-router-dom';
import { familyApi, categoryApi } from '../api/client';
import { useStore } from '../store/useStore';
import type { Family } from '../types';
import { Users, Settings, Lock, Loader2, X } from 'lucide-react';
export default function Home() {
const navigate = useNavigate();
const { families, setFamilies, setSelectedFamily } = useStore();
const [loading, setLoading] = useState(true);
const [error, setError] = useState('');
const [showPasswordDialog, setShowPasswordDialog] = useState(false);
const [selectedFamilyForAuth, setSelectedFamilyForAuth] = useState<Family | null>(null);
const [familyPassword, setFamilyPassword] = useState('');
const [passwordError, setPasswordError] = useState('');
useEffect(() => {
loadFamilies();
}, []);
const loadFamilies = async () => {
try {
setLoading(true);
const response = await familyApi.getAll();
setFamilies(response.data);
} catch (err) {
setError('Ошибка загрузки списка семей');
console.error(err);
} finally {
setLoading(false);
}
};
const handleSelectFamily = async (family: Family) => {
try {
await categoryApi.getAllByFamily(family.id);
setSelectedFamily(family);
navigate(`/family/${family.id}`);
} catch (err: any) {
if (err.response?.status === 403) {
setSelectedFamilyForAuth(family);
setShowPasswordDialog(true);
setPasswordError('');
setFamilyPassword('');
} else {
setError('Ошибка доступа к семье');
}
}
};
const handleVerifyPassword = async () => {
if (!selectedFamilyForAuth || !familyPassword.trim()) {
setPasswordError('Введите пароль');
return;
}
try {
const response = await familyApi.verifyPassword(selectedFamilyForAuth.id, {
password: familyPassword,
});
if (response.data.valid) {
setSelectedFamily(selectedFamilyForAuth);
setShowPasswordDialog(false);
navigate(`/family/${selectedFamilyForAuth.id}`);
}
} catch (err: any) {
if (err.response?.status === 401) {
setPasswordError('Неверный пароль');
} else {
setPasswordError('Ошибка проверки пароля');
}
console.error(err);
}
};
const handleCancelPasswordDialog = () => {
setShowPasswordDialog(false);
setSelectedFamilyForAuth(null);
setFamilyPassword('');
setPasswordError('');
};
const handleGoToAdmin = () => {
navigate('/adminpanel');
};
if (loading) {
return (
<div className="min-h-screen flex items-center justify-center gradient-bg">
<div className="flex items-center gap-3 text-white">
<Loader2 className="w-8 h-8 animate-spin" />
<span className="text-xl font-medium">Загрузка...</span>
</div>
</div>
);
}
return (
<div className="min-h-screen gradient-bg py-8 sm:py-12 px-4 flex items-center justify-center">
<div className="w-full max-w-2xl">
<div className="text-center mb-8">
<h1 className="text-4xl sm:text-5xl md:text-6xl font-bold text-white mb-3">
Семейный бюджет
</h1>
<button
onClick={handleGoToAdmin}
className="inline-flex items-center gap-2 px-6 py-3 bg-linear-to-r from-orange-400 via-pink-500 to-purple-500 hover:from-orange-500 hover:via-pink-600 hover:to-purple-600 text-white rounded-2xl shadow-lg hover:shadow-xl transition-all duration-300 font-semibold"
>
<Settings className="w-5 h-5" />
<span className="font-medium">Админка</span>
</button>
</div>
{error && (
<div className="mb-6 p-4 bg-red-500/90 backdrop-blur-md border border-red-300/50 text-white rounded-2xl shadow-lg">
<div className="flex items-center gap-2">
<X className="w-5 h-5 flex-shrink-0" />
<span>{error}</span>
</div>
</div>
)}
<div className="text-center mb-6">
<div className="inline-flex items-center gap-3 mb-6">
<div className="p-3 bg-white/20 backdrop-blur-md rounded-2xl">
<Users className="w-8 h-8 text-white" />
</div>
<h2 className="text-2xl sm:text-3xl font-bold text-white">
Выберите семью
</h2>
</div>
</div>
{families.length === 0 ? (
<div className="glass-effect rounded-3xl shadow-2xl p-10 text-center">
<div className="inline-flex p-6 bg-linear-to-br from-purple-100 to-blue-100 rounded-3xl mb-6">
<Users className="w-20 h-20 text-purple-400" />
</div>
<p className="text-gray-600 text-lg sm:text-xl mb-2 font-semibold">
Семьи не найдены
</p>
<p className="text-gray-500 text-sm sm:text-base">
Создайте семью в админ панели
</p>
</div>
) : (
<div className="flex flex-row flex-wrap gap-4 justify-center">
{families.map((family) => (
<button
key={family.id}
onClick={() => handleSelectFamily(family)}
className="group w-80 p-8 bg-linear-to-br from-pink-200 via-purple-200 to-indigo-200 border-2 border-pink-400 rounded-3xl hover:border-pink-500 hover:shadow-2xl transition-all duration-300 text-center card-hover hover:from-pink-300 hover:via-purple-300 hover:to-indigo-300"
>
<div className="flex flex-col items-center gap-4">
<div className="p-4 bg-linear-to-br from-purple-500 to-blue-500 text-white rounded-2xl group-hover:scale-110 transition-transform duration-300 shadow-lg">
<Users className="w-10 h-10" />
</div>
<div>
<h3 className="text-xl sm:text-2xl font-bold text-gray-900 mb-2">
{family.name}
</h3>
<p className="text-sm text-gray-500">
Нажмите для просмотра
</p>
</div>
</div>
</button>
))}
</div>
)}
{showPasswordDialog && selectedFamilyForAuth && (
<div className="fixed inset-0 bg-black/60 backdrop-blur-sm flex items-center justify-center p-4 z-50 animate-fadeIn">
<div className="glass-effect rounded-3xl shadow-2xl p-8 sm:p-10 max-w-md w-full animate-scaleIn">
<div className="flex flex-col items-center text-center mb-6">
<div className="p-4 bg-linear-to-br from-purple-500 to-blue-500 text-white rounded-2xl mb-4 shadow-lg">
<Lock className="w-10 h-10" />
</div>
<h2 className="text-2xl sm:text-3xl font-bold text-gray-900 mb-2">
Защищённая семья
</h2>
<p className="text-gray-600 text-sm sm:text-base">
<span className="font-semibold text-purple-600">{selectedFamilyForAuth.name}</span>
</p>
</div>
{passwordError && (
<div className="mb-6 p-4 bg-red-100 border-l-4 border-red-500 text-red-700 rounded-xl">
<div className="flex items-center gap-2">
<X className="w-5 h-5 flex-shrink-0" />
<span className="text-sm font-medium">{passwordError}</span>
</div>
</div>
)}
<input
type="password"
placeholder="Введите пароль"
value={familyPassword}
onChange={(e) => setFamilyPassword(e.target.value)}
onKeyDown={(e) => e.key === 'Enter' && handleVerifyPassword()}
className="w-full px-5 py-4 border-2 border-gray-300 rounded-2xl focus:ring-2 focus:ring-purple-500 focus:border-purple-500 transition-all mb-6 text-base text-center font-medium"
autoFocus
/>
<div className="flex flex-col gap-3">
<button
onClick={handleVerifyPassword}
className="flex items-center justify-center gap-2 px-6 py-4 bg-linear-to-r from-purple-600 to-blue-600 text-white rounded-2xl hover:shadow-xl transition-all duration-300 font-semibold text-base"
>
<Lock className="w-5 h-5" />
Войти
</button>
<button
onClick={handleCancelPasswordDialog}
className="px-6 py-3 bg-gray-200 hover:bg-gray-300 text-gray-700 rounded-2xl transition-all duration-300 font-medium"
>
Отмена
</button>
</div>
</div>
</div>
)}
</div>
</div>
);
}

153
frontend/src/pages/InvitePage.tsx Normal file
View File

@@ -0,0 +1,153 @@
import { useEffect, useState } from 'react';
import { useParams, useNavigate } from 'react-router-dom';
import { inviteLinkApi, authApi } from '../api/client';
import { useStore } from '../store/useStore';
import { Loader2, Users, UserPlus, AlertCircle } from 'lucide-react';
export default function InvitePage() {
const { token } = useParams<{ token: string }>();
const navigate = useNavigate();
const { isAuthenticated, setUser } = useStore();
const [loading, setLoading] = useState(true);
const [joining, setJoining] = useState(false);
const [error, setError] = useState('');
const [familyName, setFamilyName] = useState<string | null>(null);
const [isValid, setIsValid] = useState(false);
useEffect(() => {
if (token) {
validateInvite();
}
}, [token]);
useEffect(() => {
if (isAuthenticated && isValid && token) {
joinFamily();
}
}, [isAuthenticated, isValid]);
const validateInvite = async () => {
if (!token) return;
try {
setLoading(true);
const response = await inviteLinkApi.validate(token);
if (response.data.valid) {
setIsValid(true);
setFamilyName(response.data.family_name);
} else {
setError('Ссылка недействительна или срок её действия истёк');
}
} catch (err) {
setError('Ссылка не найдена');
} finally {
setLoading(false);
}
};
const joinFamily = async () => {
if (!token) return;
try {
setJoining(true);
const response = await inviteLinkApi.join(token);
if (response.data.success) {
const meResponse = await authApi.me();
setUser(meResponse.data);
navigate(`/family/${response.data.family_id}`);
} else {
setError(response.data.message);
}
} catch (err: any) {
if (err.response?.status === 400) {
setError('Вы уже состоите в семье');
} else {
setError('Ошибка при присоединении к семье');
}
} finally {
setJoining(false);
}
};
const handleGoogleLogin = async () => {
if (token) {
localStorage.setItem('pendingInviteToken', token);
}
try {
const response = await authApi.getGoogleAuthUrl(window.location.href);
window.location.href = response.data.url;
} catch (err) {
setError('Ошибка при получении ссылки для авторизации');
}
};
if (loading) {
return (
<div className="min-h-screen flex items-center justify-center gradient-bg">
<div className="flex items-center gap-3 text-white">
<Loader2 className="w-8 h-8 animate-spin" />
<span className="text-xl font-medium">Проверка приглашения...</span>
</div>
</div>
);
}
if (joining) {
return (
<div className="min-h-screen flex items-center justify-center gradient-bg">
<div className="flex items-center gap-3 text-white">
<Loader2 className="w-8 h-8 animate-spin" />
<span className="text-xl font-medium">Присоединение к семье...</span>
</div>
</div>
);
}
if (error) {
return (
<div className="min-h-screen flex items-center justify-center gradient-bg px-4">
<div className="bg-white rounded-3xl shadow-2xl p-8 max-w-md w-full text-center">
<div className="p-4 bg-red-100 rounded-2xl inline-block mb-6">
<AlertCircle className="w-12 h-12 text-red-500" />
</div>
<h1 className="text-2xl font-bold text-gray-800 mb-4">Ошибка</h1>
<p className="text-gray-600 mb-6">{error}</p>
<button
onClick={() => navigate('/')}
className="px-6 py-3 bg-gradient-to-r from-purple-600 to-blue-600 text-white rounded-2xl font-semibold hover:shadow-xl transition-all"
>
На главную
</button>
</div>
</div>
);
}
return (
<div className="min-h-screen flex items-center justify-center gradient-bg px-4">
<div className="bg-white rounded-3xl shadow-2xl p-8 max-w-md w-full text-center">
<div className="p-4 bg-gradient-to-br from-purple-500 to-blue-500 rounded-2xl inline-block mb-6">
<Users className="w-12 h-12 text-white" />
</div>
<h1 className="text-2xl font-bold text-gray-800 mb-2">
Приглашение в семью
</h1>
<p className="text-3xl font-bold text-purple-600 mb-6">
{familyName}
</p>
<p className="text-gray-600 mb-8">
Вас пригласили присоединиться к семейному бюджету.
Войдите через Google, чтобы принять приглашение.
</p>
<button
onClick={handleGoogleLogin}
className="w-full flex items-center justify-center gap-3 px-6 py-4 bg-gradient-to-r from-purple-600 to-blue-600 text-white rounded-2xl font-semibold hover:shadow-xl transition-all"
>
<UserPlus className="w-5 h-5" />
Войти и присоединиться
</button>
</div>
</div>
);
}

80
frontend/src/pages/Login.tsx Normal file
View File

@@ -0,0 +1,80 @@
import { useState } from 'react';
import { authApi } from '../api/client';
import { Loader2, Wallet } from 'lucide-react';
export default function Login() {
const [loading, setLoading] = useState(false);
const [error, setError] = useState('');
const handleGoogleLogin = async () => {
try {
setLoading(true);
setError('');
const currentUrl = window.location.origin;
const response = await authApi.getGoogleAuthUrl(currentUrl);
window.location.href = response.data.url;
} catch (err) {
setError('Ошибка при получении ссылки для авторизации');
console.error(err);
setLoading(false);
}
};
return (
<div className="min-h-screen gradient-bg flex items-center justify-center px-4">
<div className="w-full max-w-md">
<div className="glass-effect rounded-3xl shadow-2xl p-8 sm:p-10">
<div className="flex flex-col items-center text-center mb-8">
<div className="p-4 bg-linear-to-br from-purple-500 to-blue-500 text-white rounded-2xl mb-4 shadow-lg">
<Wallet className="w-12 h-12" />
</div>
<h1 className="text-3xl sm:text-4xl font-bold text-gray-900 mb-2">
Семейный бюджет
</h1>
<p className="text-gray-600">
Войдите, чтобы продолжить
</p>
</div>
{error && (
<div className="mb-6 p-4 bg-red-100 border-l-4 border-red-500 text-red-700 rounded-xl">
<span className="text-sm font-medium">{error}</span>
</div>
)}
<button
onClick={handleGoogleLogin}
disabled={loading}
className="w-full flex items-center justify-center gap-3 px-6 py-4 bg-white border-2 border-gray-300 rounded-2xl hover:bg-gray-50 hover:border-gray-400 transition-all duration-300 font-semibold text-gray-700 disabled:opacity-50 disabled:cursor-not-allowed"
>
{loading ? (
<Loader2 className="w-6 h-6 animate-spin" />
) : (
<>
<svg className="w-6 h-6" viewBox="0 0 24 24">
<path
fill="#4285F4"
d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
/>
<path
fill="#34A853"
d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
/>
<path
fill="#FBBC05"
d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
/>
<path
fill="#EA4335"
d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
/>
</svg>
Войти через Google
</>
)}
</button>
</div>
</div>
</div>
);
}

225
frontend/src/pages/NoFamily.tsx Normal file
View File

@@ -0,0 +1,225 @@
import { useState, useEffect } from 'react';
import { useNavigate } from 'react-router-dom';
import { useStore } from '../store/useStore';
import { authApi, familyApi, inviteLinkApi } from '../api/client';
import { Users, LogOut, Settings, Plus, Loader2, Eye, EyeOff } from 'lucide-react';
export default function NoFamily() {
const navigate = useNavigate();
const { user, logout, setUser } = useStore();
const [familyName, setFamilyName] = useState('');
const [password, setPassword] = useState('');
const [showPassword, setShowPassword] = useState(false);
const [loading, setLoading] = useState(false);
const [error, setError] = useState('');
const [joiningFamily, setJoiningFamily] = useState(false);
useEffect(() => {
checkPendingInvite();
}, []);
const checkPendingInvite = async () => {
const pendingToken = localStorage.getItem('pendingInviteToken');
if (!pendingToken) return;
localStorage.removeItem('pendingInviteToken');
try {
setJoiningFamily(true);
const response = await inviteLinkApi.join(pendingToken);
if (response.data.success) {
const meResponse = await authApi.me();
setUser(meResponse.data);
navigate(`/family/${response.data.family_id}`);
} else {
setError(response.data.message);
}
} catch (err: any) {
if (err.response?.status === 400) {
setError('Ссылка-приглашение недействительна или истекла');
} else {
setError('Ошибка при присоединении к семье');
}
} finally {
setJoiningFamily(false);
}
};
const handleLogout = async () => {
try {
await authApi.logout();
logout();
} catch (err) {
console.error(err);
logout();
}
};
const handleGoToAdmin = () => {
navigate('/adminpanel');
};
const handleCreateFamily = async (e: React.FormEvent) => {
e.preventDefault();
if (!familyName.trim()) {
setError('Введите название семьи');
return;
}
try {
setLoading(true);
setError('');
const response = await familyApi.createMyFamily({
name: familyName.trim(),
password: password || undefined,
});
setUser({
...user!,
family_id: response.data.family_id,
});
navigate(`/family/${response.data.family_id}`);
} catch (err: unknown) {
if (err && typeof err === 'object' && 'response' in err) {
const axiosError = err as { response?: { status?: number } };
if (axiosError.response?.status === 409) {
setError('Вы уже состоите в семье');
} else {
setError('Ошибка при создании семьи');
}
} else {
setError('Ошибка при создании семьи');
}
console.error(err);
} finally {
setLoading(false);
}
};
if (joiningFamily) {
return (
<div className="min-h-screen flex items-center justify-center gradient-bg">
<div className="flex items-center gap-3 text-white">
<Loader2 className="w-8 h-8 animate-spin" />
<span className="text-xl font-medium">Присоединение к семье...</span>
</div>
</div>
);
}
return (
<div className="min-h-screen gradient-bg flex items-center justify-center px-4">
<div className="w-full max-w-md">
<div className="glass-effect rounded-3xl shadow-2xl p-8 sm:p-10">
<div className="flex flex-col items-center text-center mb-6">
<div className="p-4 bg-linear-to-br from-purple-500 to-blue-500 text-white rounded-2xl mb-4 shadow-lg">
<Users className="w-12 h-12" />
</div>
<h1 className="text-2xl sm:text-3xl font-bold text-gray-900 mb-2">
Добро пожаловать!
</h1>
<p className="text-gray-600">
<span className="font-semibold text-purple-600">{user?.email || user?.username}</span>
</p>
</div>
<form onSubmit={handleCreateFamily} className="mb-6">
<h2 className="text-lg font-semibold text-gray-800 mb-4 text-center">
Создайте свою семью
</h2>
{error && (
<div className="mb-4 p-3 bg-red-100 border-l-4 border-red-500 text-red-700 rounded-lg">
<span className="text-sm font-medium">{error}</span>
</div>
)}
<div className="space-y-4">
<div>
<label htmlFor="familyName" className="block text-sm font-medium text-gray-700 mb-1">
Название семьи *
</label>
<input
type="text"
id="familyName"
value={familyName}
onChange={(e) => setFamilyName(e.target.value)}
placeholder="Например: Семья Ивановых"
className="w-full px-4 py-3 border-2 border-gray-300 rounded-xl focus:border-purple-500 focus:outline-none transition-colors"
disabled={loading}
/>
</div>
<div>
<label htmlFor="password" className="block text-sm font-medium text-gray-700 mb-1">
Пароль <span className="text-gray-400">(необязательно)</span>
</label>
<div className="relative">
<input
type={showPassword ? 'text' : 'password'}
id="password"
value={password}
onChange={(e) => setPassword(e.target.value)}
placeholder="Для защиты доступа"
className="w-full px-4 py-3 pr-12 border-2 border-gray-300 rounded-xl focus:border-purple-500 focus:outline-none transition-colors"
disabled={loading}
/>
<button
type="button"
onClick={() => setShowPassword(!showPassword)}
className="absolute right-3 top-1/2 -translate-y-1/2 text-gray-500 hover:text-gray-700"
>
{showPassword ? <EyeOff className="w-5 h-5" /> : <Eye className="w-5 h-5" />}
</button>
</div>
<p className="mt-1 text-xs text-gray-500">
Пароль понадобится для доступа к бюджету семьи
</p>
</div>
<button
type="submit"
disabled={loading || !familyName.trim()}
className="w-full flex items-center justify-center gap-2 px-6 py-4 bg-linear-to-r from-purple-600 to-blue-600 text-white rounded-2xl hover:shadow-xl transition-all duration-300 font-semibold disabled:opacity-50 disabled:cursor-not-allowed"
>
{loading ? (
<Loader2 className="w-5 h-5 animate-spin" />
) : (
<>
<Plus className="w-5 h-5" />
Создать семью
</>
)}
</button>
</div>
</form>
<div className="border-t border-gray-200 pt-6">
<div className="flex flex-col gap-3">
{user?.is_admin && (
<button
onClick={handleGoToAdmin}
className="w-full flex items-center justify-center gap-2 px-6 py-3 bg-gray-100 hover:bg-gray-200 text-gray-700 rounded-2xl transition-all duration-300 font-medium"
>
<Settings className="w-5 h-5" />
Админ панель
</button>
)}
<button
onClick={handleLogout}
className="w-full flex items-center justify-center gap-2 px-6 py-3 bg-gray-100 hover:bg-gray-200 text-gray-700 rounded-2xl transition-all duration-300 font-medium"
>
<LogOut className="w-5 h-5" />
Выйти
</button>
</div>
</div>
</div>
</div>
</div>
);
}

20
frontend/src/store/useStore.ts
View File

@@ -1,13 +1,16 @@
import { create } from 'zustand'; import { create } from 'zustand';
import type { Family, Category } from '../types'; import type { Family, Category, User } from '../types';
interface AppState { interface AppState {
isAdmin: boolean; user: User | null;
isAuthenticated: boolean;
isLoading: boolean;
selectedFamily: Family | null; selectedFamily: Family | null;
families: Family[]; families: Family[];
categories: Category[]; categories: Category[];
setIsAdmin: (isAdmin: boolean) => void; setUser: (user: User | null) => void;
setIsLoading: (loading: boolean) => void;
setSelectedFamily: (family: Family | null) => void; setSelectedFamily: (family: Family | null) => void;
setFamilies: (families: Family[]) => void; setFamilies: (families: Family[]) => void;
setCategories: (categories: Category[]) => void; setCategories: (categories: Category[]) => void;
@@ -15,12 +18,16 @@ interface AppState {
} }
export const useStore = create<AppState>((set) => ({ export const useStore = create<AppState>((set) => ({
isAdmin: false, user: null,
isAuthenticated: false,
isLoading: true,
selectedFamily: null, selectedFamily: null,
families: [], families: [],
categories: [], categories: [],
setIsAdmin: (isAdmin) => set({ isAdmin }), setUser: (user) => set({ user, isAuthenticated: !!user }),
setIsLoading: (isLoading) => set({ isLoading }),
setSelectedFamily: (family) => set({ selectedFamily: family }), setSelectedFamily: (family) => set({ selectedFamily: family }),
@@ -29,7 +36,8 @@ export const useStore = create<AppState>((set) => ({
setCategories: (categories) => set({ categories }), setCategories: (categories) => set({ categories }),
logout: () => set({ logout: () => set({
isAdmin: false, user: null,
isAuthenticated: false,
selectedFamily: null, selectedFamily: null,
families: [], families: [],
categories: [] categories: []

50
frontend/src/types/index.ts
View File

@@ -3,6 +3,18 @@ export interface Family {
name: string; name: string;
} }
export interface User {
id: number;
username: string | null;
email: string | null;
is_admin: boolean;
family_id: number | null;
}
export interface OAuthUrlResponse {
url: string;
}
export interface Category { export interface Category {
id: number; id: number;
family_id: number; family_id: number;
@@ -39,6 +51,17 @@ export interface CreateFamilyRequest {
password: string; password: string;
} }
export interface CreateMyFamilyRequest {
name: string;
password?: string;
}
export interface CreateMyFamilyResponse {
family: Family;
user_id: number;
family_id: number;
}
export interface VerifyFamilyPasswordRequest { export interface VerifyFamilyPasswordRequest {
password: string; password: string;
} }
@@ -80,3 +103,30 @@ export interface MarkAsPurchasedRequest {
export interface BulkOperationResponse { export interface BulkOperationResponse {
affected_rows: number; affected_rows: number;
} }
export interface CreateInviteLinkRequest {
expires_in_hours?: number;
max_uses?: number;
}
export interface InviteLinkResponse {
id: number;
family_id: number;
token: string;
invite_url: string;
expires_at: string | null;
max_uses: number | null;
uses_count: number;
}
export interface ValidateInviteResponse {
valid: boolean;
family_id: number | null;
family_name: string | null;
}
export interface JoinFamilyResponse {
success: boolean;
family_id: number;
message: string;
}