Eisbear/Interbend
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Eisbear:dev
Branches Tags
Eisbear:main
Eisbear:dev
..
compare: Eisbear:main
Branches Tags
Eisbear:dev
Eisbear:main

No commits in common. "dev" and "main" have entirely different histories.
dev ... main

9 changed files with 43 additions and 221 deletions
Download patch file Download diff file Expand all files Collapse all files

18
README.md
View file

@ -2,9 +2,6 @@
Interbend is a Flask-based web application that provides a backend API for managing user balances and transactions. It features a robust authentication system using JWT and includes a separate set of administrative endpoints for system management. The application is designed to be extensible and can be used as a foundation for a variety of financial applications.
### Note
The GitHub branch may lag behind the development branch. For the most up-to-date code and pull requests, please visit [https://git.albioncloud.de/Eisbear/Interbend](https://git.albioncloud.de/Eisbear/Interbend).
## Installation
1. **Clone the repository:**
@ -28,14 +25,13 @@ The GitHub branch may lag behind the development branch. For the most up-to-date
Create a `.env` file in the root directory of the project and add the following variables:
```
JWT_KEY=your_secret_jwt_key
JWT_EXPIRATION=30 // jwt experation duration in days
JWT_EXPIRATION=30
DB_HOST=your_database_host
DB_USER=your_database_user
DB_PASSWORD=your_database_password
DB_NAME=your_database_name
ADMIN_KEY=your_secret_admin_key
COLLECT_COOLDOWN=24 // collect cooldown in hours
TAX_ACCOUNT_BID=BUSINESS_BID_HERE // tax account bid here
COLLECT_COOLDOWN=30
```
## Usage
@ -72,10 +68,6 @@ The application will start in debug mode on `http://127.0.0.1:5000`.
- **Request Body**: `{ "to": "recipient_bid", "amount": 50.00, "note": "Payment for services" }`
- **Response**: A success message.
- **`POST /transfer-business`**: Transfers a specified amount from the authenticated user to another user with an appled tax.
- **Authentication**: JWT token required.
- **Request Body**: `{ "to": "recipient_bid", "amount": 50.00, "note": "Payment for services" }`
- **Response**: A success message.
### Admin
All admin endpoints require an admin key in the request body.
@ -91,9 +83,3 @@ All admin endpoints require an admin key in the request body.
- **`POST /admin/change-password`**: Changes the password for a user.
- **Request Body**: `{ "bid": "user_bid", "password": "new_password", "key": "your_admin_key" }`
- **Response**: A success message.
### Bot
All bot endpoints require a bot key in the request body. These endpoints are designed with the InterBot discordbot in mind.
You should never use these manually because they trust the discord bot for authentication and are therefore insecure.
(i dont think thats best practice?)
// TODO - Add Discord End Points here \/

45
To-Do.md
View file

@ -4,41 +4,14 @@ This file tracks potential new features and improvements for the Interbend banki
## Feature Suggestions
1. **Automated Payroll System**
* **Description:** Instead of requiring users to manually call the `/collect` endpoint, a scheduled script could run periodically to automatically distribute salaries to all eligible users.
* **Benefits:** Improves user experience, ensures consistent pay, and reduces repeated API calls to the server.
* **Status:** Under Review
* **Note:** Due to system concept, needs to be modified to only pay active users.
* **Alternative:** Implement system to verify host is online; add admin route to control server availability.
1. **Automated Payroll System:**
* **Description:** Instead of requiring users to manually call the `/collect` endpoint, a scheduled script could run periodically (e.g., every 24 hours) to automatically distribute salaries to all eligible users.
* **Benefits:** Improves user experience, ensures consistent pay, and reduces repeated API calls to the server.
* **Important:** Due to the concept of this whole system it needs to be considered to only pay users who are attend. Bad Idea.
* **Alternative:** Implement system to make sure you can only collect if the host is online. Make admin route to open server (set global bool)
2. **User Transaction History**
* **Description:** Create API endpoint for retrieving paginated transaction history.
* **Benefits:** Provides transparency and financial tracking for users.
* **Status:** COMPLETED
* **Note:** Needs verification testing.
2. **User Transaction History:**
* **Description:** Create a new API endpoint (e.g., `GET /transactions`) that allows an authenticated user to retrieve a paginated list of their own transaction history.
* **Benefits:** Provides users with transparency and a way to track their finances, which is a core feature of any banking application.
3. **Changeable Tax Rate**
* **Description:** Add system for dynamic tax rate adjustment through admin interface.
* **Benefits:** Allows economic control and flexibility for different transaction types.
* **Status:** In Progress
* **Implementation:** Store in database for persistence, add admin routes for modification.
4. **User Roles System**
* **Description:** Implement comprehensive role-based access control (RBAC).
* **Benefits:** Enables different permissions for police, government, admin, and regular users.
* **Status:** Not Started
* **Required Features:**
- Role assignment and management
- Permission hierarchy
- Role-specific interfaces
- Audit logging for role changes
5. **Frontend Development**
* **Description:** Create user interface for the banking system.
* **Benefits:** Provides intuitive access to banking features.
* **Status:** Not Started
* **Components Needed:**
- User dashboard
- Transaction interface
- Admin control panel
- Role-specific views
* FINISHED: PLEASE CHECK IF WORKING!

4
config.py
View file

@ -9,9 +9,6 @@ class Config:
# General Config
JWT_KEY = os.getenv('JWT_KEY')
JWT_EXPIRE = int(os.getenv('JWT_EXPIRATION', 30))
# Gets the Key to ensure discord bot requests are being done by the discord bot
BOT_KEY = os.getenv('BOT_KEY')
# Database
DB_HOST = os.getenv('DB_HOST')
@ -22,4 +19,3 @@ class Config:
# Admin
ADMIN_KEY = os.getenv('ADMIN_KEY')
COLLECT_COOLDOWN = int(os.getenv('COLLECT_COOLDOWN', 24))
TAX_ACCOUNT_BID = os.getenv('TAX_ACCOUNT_BID')

2
interbend/__init__.py
View file

@ -8,10 +8,8 @@ def create_app(config_class=Config):
from .routes.auth_routes import auth_bp
from .routes.transaction_routes import transactions_bp
from .routes.admin_routes import admin_bp
from .routes.discord_routes import discord_bp
app.register_blueprint(auth_bp)
app.register_blueprint(transactions_bp)
app.register_blueprint(admin_bp, url_prefix='/admin')
app.register_blueprint(discord_bp, url_prefix='/discord')
return app

16
interbend/auth.py
View file

@ -40,18 +40,4 @@ def token_gen(bid):
{"bid": bid, "exp": exptime},
jwt_key,
algorithm="HS256")
return token
def botKey(input_key):
bot_key = current_app.config['BOT_KEY']
if input_key != bot_key:
return False
if input_key == bot_key: # Extra Security which doesnt actually add anything but peace of mind.
return True
return "OhShit" # This should never happen??
# I dont think I should be a programmer, I dont even understand python and prefer golang or java or C#. ANYTHING THAT HAS {}
def bot_key(input_key):
return botKey(input_key)
# Legacy, decaprecated (wait I didnt even implement this so why do I even keep this?)
# Random bloat :3
return token

0
interbend/routes/__init__.py Normal file
View file

2
interbend/routes/admin_routes.py
View file

@ -41,7 +41,7 @@ def add_money():
bid = data.get('bid')
amount = data.get('amount')
key = data.get('key')
if not bid or not amount or not key:
if not bid or not money or not key:
return jsonify({"error": "BID, Amount and AdminKey are required"}), 400
if not _keychecker(key):
return jsonify({"error":"Admin Key required"}), 403

71
interbend/routes/discord_routes.py
View file

@ -1,71 +0,0 @@
from webbrowser import get
from flask import Blueprint, make_response
from interbend.db import db, get_user
from interbend.auth import *
import mysql.connector
import auth # For bot_key function
from werkzeug.security import generate_password_hash, check_password_hash
discord_bp = Blueprint('discord_bp', __name__)
@discord_bp.route('/register-id', methods=['POST'])
def register_id():
data = request.get_json()
bid = data.get('bid')
name = data.get('name')
origin = data.get('origin')
age = data.get('age')
gender = data.get('gender')
bot_key2 = data.get('bot_key')
if bot_key2 != current_app.config['BOT_KEY']:
return jsonify({"error": "Unauthorized"}), 401
if not bid or not name or not origin or not age or not gender:
return jsonify({"error": "BID, name, origin, age, and gender are required"}), 400
user = get_user(bid)
if not user:
return jsonify({"error": "User is not registered"}), 404
# Should the user be automatically registered here?
return jsonify({"error": "Method not implemented"}), 501
@discord_bp.route('/register-2', methods=['POST'])
def register2():
data = request.get_json()
bid = data.get('bid')
# Bid is now generated by API -- Not in this case because this is for the discord bot to register users
username = data.get('username')
email = data.get('email')
# This wont work because the bot wont have access to the email. Its a bot not OAuth, which will be added later.
password = data.get('password') # The bot will generate a random password and send it to the user via DM or something?
bot_key2 = data.get('bot_key')
if not botKey(bot_key2):
return jsonify({"error": "Unauthorized"}), 401
if not username or not password:
return jsonify({"error": "Bot error, did not supply username or password"}), 404
password_hash = generate_password_hash(password)
if email == "example@example.com":
return jsonify({"error": "bro"}), 400
bidf = "D-".join(bid)
try:
with db.cursor(dictionary=True) as cur:
cur.execute("SELECT * FROM users WHERE bid = %s", (bidf,))
if cur.fetchone():
return jsonify({"error": "BID already exists."}), 409
except mysql.connector.Error as err:
db.rollback()
current_app.logger.error(f"Database error in register: {err}")
return jsonify({"error": "Database Error"}), 500
try:
with db.cursor(dictionary=True) as cur:
cur.execute("INSERT INTO users (bid, username, password_hash) VALUES (%s, %s, %s)",
(bid, username, password_hash))
db.commit()
return jsonify({"message": "Creation Successful"}), 201
except mysql.connector.Error as err:
db.rollback()
current_app.logger.error(f"Database error in register: {err}")
return jsonify({"error": "Database Error"}), 500
@discord_bp.route('/balance', methods=['GET'])
def blo_chicken_tiki_masala(): #can I name it like this?
return jsonify({"error": "use normal balance bro"}), 404

106
interbend/routes/transaction_routes.py
View file

@ -94,57 +94,7 @@ def get_transactions():
return jsonify({"error": "An unexpected server error occurred."}), 500
# this should be fine (not)
def transfer_boilerplate(user_bid, fbid, tbid, amount, note, type):
if not user_bid or not fbid or not tbid or not amount:
return jsonify({"error": "From, To, and amount are required"}), 400
if not note:
print(f"{type} failed to provide note. No trace available because I am lazy to program such things.")
return jsonify ({"error": "Note shouldve been passed by internal method."}), 500
if not type in [0, 1, 2, 3, 4, 5, 6, 7, 8]: # 0 = personal, 1 = business, 2 = fine, 3 = salary, 4 = bill, 5 = admin adjustment, 6 = placeholder, 7 = placeholder2, 8 = other
print(f"type was {type}, which is invalid. This is a bug. Internal Method failed to provide a valid type. No trace available because I am lazy to program such things.")
return jsonify({"error": "Internal method failed to provide a valid type."}), 500
try:
amount = float(amount)
if amount <= 0:
raise ValueError
except ValueError:
return jsonify({"error": "Invalid amount","message":"Try to request Money instead"}), 400
sender = get_user(fbid)
receiver = get_user(tbid)
if not sender or not receiver:
return jsonify({"error":"User not found"}), 404
# here is space to add tax if its a business transaction.
if type == 1: # Business Transfer
gtax = 0.3 # 30% tax for business transactions - configurable later TO DO
tax = amount * gtax
note += f" (Tax applied: {tax})"
tax_account_bid = Config.TAX_ACCOUNT_BID
if sender["balance"] < amount + tax:
return jsonify({"error": "Insufficient funds"}), 400
if sender["balance"] < amount:
return jsonify({"error": "Insufficient funds"}), 400
try:
db.start_transaction()
with db.cursor(dictionary=True) as cur:
cur.execute("UPDATE users SET balance = balance - %s WHERE bid = %s", (amount, fbid))
cur.execute("UPDATE users SET balance = balance + %s WHERE bid = %s", (amount, tbid))
if type == 1: # Business Transfer
cur.execute("UPDATE users SET balance = balance - %s WHERE bid = %s", (tax, fbid))
cur.execute("UPDATE users SET balance = balance + %s WHERE bid = %s", (tax, tax_account_bid))
cur.execute("INSERT INTO transactions (source, target, amount, note, type, timestamp, status) VALUES (%s, %s, "
"%s, %s, %s, %s)", fbid, tbid, amount, note, "transfer", datetime.now(timezone.utc),
"completed", )
db.commit()
return jsonify({"message": "Transfer successful"}), 200
except mysql.connector.Error as err:
db.rollback()
print(f"Transactional Error: {err}")
return jsonify({"error": "A database error occurred during the transfer."}), 500
# PERSONAL TRANSFERS
# this should be fine
@transactions_bp.route('/transfer', methods=['POST'])
@jwt_required
def transfer():
@ -155,31 +105,35 @@ def transfer():
tbid = data.get('to')
amount = data.get('amount')
note = data.get('note')
type = int(0) # Personal Transfer
if not tbid or not amount:
return jsonify({"error": "To and amount are required"}), 400
if not fbid:
user_bid = fbid
fbid = user_bid
if fbid != user_bid:
return jsonify({"error": "Unauthorized transfer from another account"}), 401
if not note:
note = "No note provided, Personal Transfer from " + fbid
return transfer_boilerplate(user_bid, fbid, tbid, amount, note, type)
# BUSINESS TRANSFERS
@transactions_bp.route('/transfer-business', methods=['POST'])
@jwt_required
def transfer_business():
# Ignore warning because it's dynamically added via jwt required.
user_bid = request.bid
data = request.get_json()
fbid = data.get('from')
tbid = data.get('to')
amount = data.get('amount')
note = data.get('note')
type = int(1) # Business Transfer
if not fbid:
user_bid = fbid
if fbid != user_bid:
return jsonify({"error": "Unauthorized transfer from another account"}), 401
if not note:
note = "No note provided, Business Transfer from " + fbid
return transfer_boilerplate(user_bid, fbid, tbid, amount, note, type)
try:
amount = float(amount)
if amount <= 0:
raise ValueError
except ValueError:
return jsonify({"error": "Invalid amount","message":"Try to request Money instead"}), 400
sender = get_user(fbid)
receiver = get_user(tbid)
if not sender or not receiver:
return jsonify({"error":"User not found"}), 404
if sender["balance"] < amount:
return jsonify({"error": "Insufficient funds"}), 400
try:
db.start_transaction()
with db.cursor(dictionary=True) as cur:
cur.execute("UPDATE users SET balance = balance - %s WHERE bid = %s", (amount, fbid))
cur.execute("UPDATE users SET balance = balance + %s WHERE bid = %s", (amount, tbid))
cur.execute("INSERT INTO transactions (source, target, amount, note, type, timestamp, status) VALUES (%s, %s, "
"%s, %s, %s, %s)", fbid, tbid, amount, note, "transfer", datetime.now(timezone.utc),
"completed", )
db.commit()
return jsonify({"message": "Transfer successful"}), 200
except mysql.connector.Error as err:
db.rollback()
print(f"Transactional Error: {err}")
return jsonify({"error": "A database error occurred during the transfer."}), 500