diff --git a/README.md b/README.md index 1924ec1..05ef30d 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,6 @@ Interbend is a Flask-based web application that provides a backend API for managing user balances and transactions. It features a robust authentication system using JWT and includes a separate set of administrative endpoints for system management. The application is designed to be extensible and can be used as a foundation for a variety of financial applications. -### Note -The GitHub branch may lag behind the development branch. For the most up-to-date code and pull requests, please visit [https://git.albioncloud.de/Eisbear/Interbend](https://git.albioncloud.de/Eisbear/Interbend). - ## Installation 1. **Clone the repository:** @@ -28,14 +25,13 @@ The GitHub branch may lag behind the development branch. For the most up-to-date Create a `.env` file in the root directory of the project and add the following variables: ``` JWT_KEY=your_secret_jwt_key - JWT_EXPIRATION=30 // jwt experation duration in days + JWT_EXPIRATION=30 DB_HOST=your_database_host DB_USER=your_database_user DB_PASSWORD=your_database_password DB_NAME=your_database_name ADMIN_KEY=your_secret_admin_key - COLLECT_COOLDOWN=24 // collect cooldown in hours - TAX_ACCOUNT_BID=BUSINESS_BID_HERE // tax account bid here + COLLECT_COOLDOWN=30 ``` ## Usage @@ -72,10 +68,6 @@ The application will start in debug mode on `http://127.0.0.1:5000`. - **Request Body**: `{ "to": "recipient_bid", "amount": 50.00, "note": "Payment for services" }` - **Response**: A success message. -- **`POST /transfer-business`**: Transfers a specified amount from the authenticated user to another user with an appled tax. - - **Authentication**: JWT token required. - - **Request Body**: `{ "to": "recipient_bid", "amount": 50.00, "note": "Payment for services" }` - - **Response**: A success message. ### Admin All admin endpoints require an admin key in the request body. @@ -91,9 +83,3 @@ All admin endpoints require an admin key in the request body. - **`POST /admin/change-password`**: Changes the password for a user. - **Request Body**: `{ "bid": "user_bid", "password": "new_password", "key": "your_admin_key" }` - **Response**: A success message. -### Bot - -All bot endpoints require a bot key in the request body. These endpoints are designed with the InterBot discordbot in mind. -You should never use these manually because they trust the discord bot for authentication and are therefore insecure. -(i dont think thats best practice?) -// TODO - Add Discord End Points here \/ \ No newline at end of file diff --git a/To-Do.md b/To-Do.md index 29ca1fb..238ab43 100644 --- a/To-Do.md +++ b/To-Do.md @@ -4,41 +4,14 @@ This file tracks potential new features and improvements for the Interbend banki ## Feature Suggestions -1. **Automated Payroll System** - * **Description:** Instead of requiring users to manually call the `/collect` endpoint, a scheduled script could run periodically to automatically distribute salaries to all eligible users. - * **Benefits:** Improves user experience, ensures consistent pay, and reduces repeated API calls to the server. - * **Status:** Under Review - * **Note:** Due to system concept, needs to be modified to only pay active users. - * **Alternative:** Implement system to verify host is online; add admin route to control server availability. +1. **Automated Payroll System:** + * **Description:** Instead of requiring users to manually call the `/collect` endpoint, a scheduled script could run periodically (e.g., every 24 hours) to automatically distribute salaries to all eligible users. + * **Benefits:** Improves user experience, ensures consistent pay, and reduces repeated API calls to the server. + * **Important:** Due to the concept of this whole system it needs to be considered to only pay users who are attend. Bad Idea. + * **Alternative:** Implement system to make sure you can only collect if the host is online. Make admin route to open server (set global bool) -2. **User Transaction History** - * **Description:** Create API endpoint for retrieving paginated transaction history. - * **Benefits:** Provides transparency and financial tracking for users. - * **Status:** COMPLETED - * **Note:** Needs verification testing. +2. **User Transaction History:** + * **Description:** Create a new API endpoint (e.g., `GET /transactions`) that allows an authenticated user to retrieve a paginated list of their own transaction history. + * **Benefits:** Provides users with transparency and a way to track their finances, which is a core feature of any banking application. -3. **Changeable Tax Rate** - * **Description:** Add system for dynamic tax rate adjustment through admin interface. - * **Benefits:** Allows economic control and flexibility for different transaction types. - * **Status:** In Progress - * **Implementation:** Store in database for persistence, add admin routes for modification. - -4. **User Roles System** - * **Description:** Implement comprehensive role-based access control (RBAC). - * **Benefits:** Enables different permissions for police, government, admin, and regular users. - * **Status:** Not Started - * **Required Features:** - - Role assignment and management - - Permission hierarchy - - Role-specific interfaces - - Audit logging for role changes - -5. **Frontend Development** - * **Description:** Create user interface for the banking system. - * **Benefits:** Provides intuitive access to banking features. - * **Status:** Not Started - * **Components Needed:** - - User dashboard - - Transaction interface - - Admin control panel - - Role-specific views \ No newline at end of file + * FINISHED: PLEASE CHECK IF WORKING! \ No newline at end of file diff --git a/config.py b/config.py index 1acde42..62a2adf 100644 --- a/config.py +++ b/config.py @@ -9,9 +9,6 @@ class Config: # General Config JWT_KEY = os.getenv('JWT_KEY') JWT_EXPIRE = int(os.getenv('JWT_EXPIRATION', 30)) - - # Gets the Key to ensure discord bot requests are being done by the discord bot - BOT_KEY = os.getenv('BOT_KEY') # Database DB_HOST = os.getenv('DB_HOST') @@ -22,4 +19,3 @@ class Config: # Admin ADMIN_KEY = os.getenv('ADMIN_KEY') COLLECT_COOLDOWN = int(os.getenv('COLLECT_COOLDOWN', 24)) - TAX_ACCOUNT_BID = os.getenv('TAX_ACCOUNT_BID') \ No newline at end of file diff --git a/interbend/__init__.py b/interbend/__init__.py index 620b6ac..bb81e6b 100644 --- a/interbend/__init__.py +++ b/interbend/__init__.py @@ -8,10 +8,8 @@ def create_app(config_class=Config): from .routes.auth_routes import auth_bp from .routes.transaction_routes import transactions_bp from .routes.admin_routes import admin_bp - from .routes.discord_routes import discord_bp app.register_blueprint(auth_bp) app.register_blueprint(transactions_bp) app.register_blueprint(admin_bp, url_prefix='/admin') - app.register_blueprint(discord_bp, url_prefix='/discord') return app \ No newline at end of file diff --git a/interbend/auth.py b/interbend/auth.py index 32d740e..dcf65ae 100644 --- a/interbend/auth.py +++ b/interbend/auth.py @@ -40,18 +40,4 @@ def token_gen(bid): {"bid": bid, "exp": exptime}, jwt_key, algorithm="HS256") - return token - -def botKey(input_key): - bot_key = current_app.config['BOT_KEY'] - if input_key != bot_key: - return False - if input_key == bot_key: # Extra Security which doesnt actually add anything but peace of mind. - return True - return "OhShit" # This should never happen?? -# I dont think I should be a programmer, I dont even understand python and prefer golang or java or C#. ANYTHING THAT HAS {} - -def bot_key(input_key): - return botKey(input_key) -# Legacy, decaprecated (wait I didnt even implement this so why do I even keep this?) -# Random bloat :3 \ No newline at end of file + return token \ No newline at end of file diff --git a/interbend/routes/__init__.py b/interbend/routes/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/interbend/routes/admin_routes.py b/interbend/routes/admin_routes.py index 6e8a81f..b772692 100644 --- a/interbend/routes/admin_routes.py +++ b/interbend/routes/admin_routes.py @@ -41,7 +41,7 @@ def add_money(): bid = data.get('bid') amount = data.get('amount') key = data.get('key') - if not bid or not amount or not key: + if not bid or not money or not key: return jsonify({"error": "BID, Amount and AdminKey are required"}), 400 if not _keychecker(key): return jsonify({"error":"Admin Key required"}), 403 diff --git a/interbend/routes/discord_routes.py b/interbend/routes/discord_routes.py deleted file mode 100644 index 50ed41f..0000000 --- a/interbend/routes/discord_routes.py +++ /dev/null @@ -1,71 +0,0 @@ -from webbrowser import get -from flask import Blueprint, make_response -from interbend.db import db, get_user -from interbend.auth import * -import mysql.connector -import auth # For bot_key function -from werkzeug.security import generate_password_hash, check_password_hash - -discord_bp = Blueprint('discord_bp', __name__) - -@discord_bp.route('/register-id', methods=['POST']) -def register_id(): - data = request.get_json() - bid = data.get('bid') - name = data.get('name') - origin = data.get('origin') - age = data.get('age') - gender = data.get('gender') - bot_key2 = data.get('bot_key') - if bot_key2 != current_app.config['BOT_KEY']: - return jsonify({"error": "Unauthorized"}), 401 - if not bid or not name or not origin or not age or not gender: - return jsonify({"error": "BID, name, origin, age, and gender are required"}), 400 - user = get_user(bid) - if not user: - return jsonify({"error": "User is not registered"}), 404 - # Should the user be automatically registered here? - return jsonify({"error": "Method not implemented"}), 501 - -@discord_bp.route('/register-2', methods=['POST']) -def register2(): - data = request.get_json() - bid = data.get('bid') - # Bid is now generated by API -- Not in this case because this is for the discord bot to register users - username = data.get('username') - email = data.get('email') - # This wont work because the bot wont have access to the email. Its a bot not OAuth, which will be added later. - password = data.get('password') # The bot will generate a random password and send it to the user via DM or something? - bot_key2 = data.get('bot_key') - if not botKey(bot_key2): - return jsonify({"error": "Unauthorized"}), 401 - - if not username or not password: - return jsonify({"error": "Bot error, did not supply username or password"}), 404 - password_hash = generate_password_hash(password) - if email == "example@example.com": - return jsonify({"error": "bro"}), 400 - bidf = "D-".join(bid) - try: - with db.cursor(dictionary=True) as cur: - cur.execute("SELECT * FROM users WHERE bid = %s", (bidf,)) - if cur.fetchone(): - return jsonify({"error": "BID already exists."}), 409 - except mysql.connector.Error as err: - db.rollback() - current_app.logger.error(f"Database error in register: {err}") - return jsonify({"error": "Database Error"}), 500 - try: - with db.cursor(dictionary=True) as cur: - cur.execute("INSERT INTO users (bid, username, password_hash) VALUES (%s, %s, %s)", - (bid, username, password_hash)) - db.commit() - return jsonify({"message": "Creation Successful"}), 201 - except mysql.connector.Error as err: - db.rollback() - current_app.logger.error(f"Database error in register: {err}") - return jsonify({"error": "Database Error"}), 500 - -@discord_bp.route('/balance', methods=['GET']) -def blo_chicken_tiki_masala(): #can I name it like this? - return jsonify({"error": "use normal balance bro"}), 404 \ No newline at end of file diff --git a/interbend/routes/transaction_routes.py b/interbend/routes/transaction_routes.py index 5635e3c..c8a2155 100644 --- a/interbend/routes/transaction_routes.py +++ b/interbend/routes/transaction_routes.py @@ -94,57 +94,7 @@ def get_transactions(): return jsonify({"error": "An unexpected server error occurred."}), 500 -# this should be fine (not) - -def transfer_boilerplate(user_bid, fbid, tbid, amount, note, type): - if not user_bid or not fbid or not tbid or not amount: - return jsonify({"error": "From, To, and amount are required"}), 400 - if not note: - print(f"{type} failed to provide note. No trace available because I am lazy to program such things.") - return jsonify ({"error": "Note shouldve been passed by internal method."}), 500 - if not type in [0, 1, 2, 3, 4, 5, 6, 7, 8]: # 0 = personal, 1 = business, 2 = fine, 3 = salary, 4 = bill, 5 = admin adjustment, 6 = placeholder, 7 = placeholder2, 8 = other - print(f"type was {type}, which is invalid. This is a bug. Internal Method failed to provide a valid type. No trace available because I am lazy to program such things.") - return jsonify({"error": "Internal method failed to provide a valid type."}), 500 - try: - amount = float(amount) - if amount <= 0: - raise ValueError - except ValueError: - return jsonify({"error": "Invalid amount","message":"Try to request Money instead"}), 400 - sender = get_user(fbid) - receiver = get_user(tbid) - if not sender or not receiver: - return jsonify({"error":"User not found"}), 404 - # here is space to add tax if its a business transaction. - if type == 1: # Business Transfer - gtax = 0.3 # 30% tax for business transactions - configurable later TO DO - tax = amount * gtax - note += f" (Tax applied: {tax})" - tax_account_bid = Config.TAX_ACCOUNT_BID - if sender["balance"] < amount + tax: - return jsonify({"error": "Insufficient funds"}), 400 - - if sender["balance"] < amount: - return jsonify({"error": "Insufficient funds"}), 400 - try: - db.start_transaction() - with db.cursor(dictionary=True) as cur: - cur.execute("UPDATE users SET balance = balance - %s WHERE bid = %s", (amount, fbid)) - cur.execute("UPDATE users SET balance = balance + %s WHERE bid = %s", (amount, tbid)) - if type == 1: # Business Transfer - cur.execute("UPDATE users SET balance = balance - %s WHERE bid = %s", (tax, fbid)) - cur.execute("UPDATE users SET balance = balance + %s WHERE bid = %s", (tax, tax_account_bid)) - cur.execute("INSERT INTO transactions (source, target, amount, note, type, timestamp, status) VALUES (%s, %s, " - "%s, %s, %s, %s)", fbid, tbid, amount, note, "transfer", datetime.now(timezone.utc), - "completed", ) - db.commit() - return jsonify({"message": "Transfer successful"}), 200 - except mysql.connector.Error as err: - db.rollback() - print(f"Transactional Error: {err}") - return jsonify({"error": "A database error occurred during the transfer."}), 500 - -# PERSONAL TRANSFERS +# this should be fine @transactions_bp.route('/transfer', methods=['POST']) @jwt_required def transfer(): @@ -155,31 +105,35 @@ def transfer(): tbid = data.get('to') amount = data.get('amount') note = data.get('note') - type = int(0) # Personal Transfer + if not tbid or not amount: + return jsonify({"error": "To and amount are required"}), 400 if not fbid: - user_bid = fbid + fbid = user_bid if fbid != user_bid: return jsonify({"error": "Unauthorized transfer from another account"}), 401 - if not note: - note = "No note provided, Personal Transfer from " + fbid - return transfer_boilerplate(user_bid, fbid, tbid, amount, note, type) - -# BUSINESS TRANSFERS -@transactions_bp.route('/transfer-business', methods=['POST']) -@jwt_required -def transfer_business(): - # Ignore warning because it's dynamically added via jwt required. - user_bid = request.bid - data = request.get_json() - fbid = data.get('from') - tbid = data.get('to') - amount = data.get('amount') - note = data.get('note') - type = int(1) # Business Transfer - if not fbid: - user_bid = fbid - if fbid != user_bid: - return jsonify({"error": "Unauthorized transfer from another account"}), 401 - if not note: - note = "No note provided, Business Transfer from " + fbid - return transfer_boilerplate(user_bid, fbid, tbid, amount, note, type) \ No newline at end of file + try: + amount = float(amount) + if amount <= 0: + raise ValueError + except ValueError: + return jsonify({"error": "Invalid amount","message":"Try to request Money instead"}), 400 + sender = get_user(fbid) + receiver = get_user(tbid) + if not sender or not receiver: + return jsonify({"error":"User not found"}), 404 + if sender["balance"] < amount: + return jsonify({"error": "Insufficient funds"}), 400 + try: + db.start_transaction() + with db.cursor(dictionary=True) as cur: + cur.execute("UPDATE users SET balance = balance - %s WHERE bid = %s", (amount, fbid)) + cur.execute("UPDATE users SET balance = balance + %s WHERE bid = %s", (amount, tbid)) + cur.execute("INSERT INTO transactions (source, target, amount, note, type, timestamp, status) VALUES (%s, %s, " + "%s, %s, %s, %s)", fbid, tbid, amount, note, "transfer", datetime.now(timezone.utc), + "completed", ) + db.commit() + return jsonify({"message": "Transfer successful"}), 200 + except mysql.connector.Error as err: + db.rollback() + print(f"Transactional Error: {err}") + return jsonify({"error": "A database error occurred during the transfer."}), 500 \ No newline at end of file