iulian/fina
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
fina/app/routes/expenses.py
iulian 983cee0320 Initial commit
2025-12-26 00:52:56 +00:00

570 lines
20 KiB
Python
Raw Blame History

from flask import Blueprint, request, jsonify, send_file, current_app
from flask_login import login_required, current_user
from app import db
from app.models import Expense, Category, Tag
from werkzeug.utils import secure_filename
import os
import csv
import io
from datetime import datetime
from app.ocr import extract_text_from_file
from app.auto_tagger import suggest_tags_for_expense
bp = Blueprint('expenses', __name__, url_prefix='/api/expenses')
ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'pdf'}
def allowed_file(filename):
return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
@bp.route('/', methods=['GET'])
@login_required
def get_expenses():
page = request.args.get('page', 1, type=int)
per_page = request.args.get('per_page', 20, type=int)
category_id = request.args.get('category_id', type=int)
start_date = request.args.get('start_date')
end_date = request.args.get('end_date')
search = request.args.get('search', '')
tag_ids = request.args.get('tag_ids', '') # Comma-separated tag IDs
query = Expense.query.filter_by(user_id=current_user.id)
if category_id:
query = query.filter_by(category_id=category_id)
if start_date:
query = query.filter(Expense.date >= datetime.fromisoformat(start_date))
if end_date:
query = query.filter(Expense.date <= datetime.fromisoformat(end_date))
if search:
query = query.filter(Expense.description.ilike(f'%{search}%'))
# Filter by tags
if tag_ids:
try:
tag_id_list = [int(tid.strip()) for tid in tag_ids.split(',') if tid.strip()]
if tag_id_list:
# Join with expense_tags to filter by tag IDs
# Security: Tags are already filtered by user through Tag.user_id
from app.models import ExpenseTag
query = query.join(ExpenseTag).filter(ExpenseTag.tag_id.in_(tag_id_list))
except ValueError:
pass # Invalid tag IDs, ignore filter
pagination = query.order_by(Expense.date.desc()).paginate(
page=page, per_page=per_page, error_out=False
)
return jsonify({
'expenses': [expense.to_dict() for expense in pagination.items],
'total': pagination.total,
'pages': pagination.pages,
'current_page': page
})
@bp.route('/', methods=['POST'])
@login_required
def create_expense():
# Handle both FormData and JSON requests
# When FormData is sent (even without files), request.form will have the data
# When JSON is sent, request.form will be empty
data = request.form if request.form else request.get_json()
# Validate required fields
if not data or not data.get('amount') or not data.get('category_id') or not data.get('description'):
return jsonify({'success': False, 'message': 'Missing required fields'}), 400
# Security: Verify category belongs to current user
category = Category.query.filter_by(id=int(data.get('category_id')), user_id=current_user.id).first()
if not category:
return jsonify({'success': False, 'message': 'Invalid category'}), 400
# Handle receipt upload
receipt_path = None
receipt_ocr_text = ""
if 'receipt' in request.files:
file = request.files['receipt']
if file and file.filename and allowed_file(file.filename):
filename = secure_filename(f"{current_user.id}_{datetime.utcnow().timestamp()}_{file.filename}")
receipts_dir = os.path.join(current_app.config['UPLOAD_FOLDER'], 'receipts')
filepath = os.path.join(receipts_dir, filename)
file.save(filepath)
receipt_path = f'receipts/{filename}'
# Process OCR for image receipts
file_ext = filename.rsplit('.', 1)[1].lower() if '.' in filename else ''
if file_ext in ['png', 'jpg', 'jpeg', 'pdf']:
try:
abs_filepath = os.path.abspath(filepath)
receipt_ocr_text = extract_text_from_file(abs_filepath, file_ext)
print(f"OCR extracted {len(receipt_ocr_text)} characters from receipt {filename}")
except Exception as e:
print(f"OCR processing failed for receipt {filename}: {str(e)}")
# Create expense
expense = Expense(
amount=float(data.get('amount')),
currency=data.get('currency', current_user.currency),
description=data.get('description'),
category_id=int(data.get('category_id')),
user_id=current_user.id,
receipt_path=receipt_path,
receipt_ocr_text=receipt_ocr_text,
date=datetime.fromisoformat(data.get('date')) if data.get('date') else datetime.utcnow()
)
# Handle legacy JSON tags
if data.get('tags'):
if isinstance(data.get('tags'), str):
import json
tags = json.loads(data.get('tags'))
else:
tags = data.get('tags')
expense.set_tags(tags)
db.session.add(expense)
db.session.flush() # Get expense ID before handling tag objects
# Auto-suggest tags based on description and OCR text
enable_auto_tags = data.get('enable_auto_tags', True) # Default to True
if enable_auto_tags:
suggested_tags = suggest_tags_for_expense(
description=data.get('description'),
ocr_text=receipt_ocr_text,
category_name=category.name
)
# Create or get tags and associate with expense
for tag_data in suggested_tags:
# Check if tag exists for user
tag = Tag.query.filter_by(
user_id=current_user.id,
name=tag_data['name']
).first()
if not tag:
# Create new auto-generated tag
tag = Tag(
name=tag_data['name'],
color=tag_data['color'],
icon=tag_data['icon'],
user_id=current_user.id,
is_auto=True,
use_count=0
)
db.session.add(tag)
db.session.flush()
# Associate tag with expense
expense.add_tag(tag)
# Handle manual tag associations (tag IDs passed from frontend)
if data.get('tag_ids'):
tag_ids = data.get('tag_ids')
if isinstance(tag_ids, str):
import json
tag_ids = json.loads(tag_ids)
for tag_id in tag_ids:
# Security: Verify tag belongs to user
tag = Tag.query.filter_by(id=tag_id, user_id=current_user.id).first()
if tag:
expense.add_tag(tag)
db.session.commit()
return jsonify({
'success': True,
'expense': expense.to_dict()
}), 201
@bp.route('/<int:expense_id>', methods=['PUT'])
@login_required
def update_expense(expense_id):
expense = Expense.query.filter_by(id=expense_id, user_id=current_user.id).first()
if not expense:
return jsonify({'success': False, 'message': 'Expense not found'}), 404
# Handle both FormData and JSON requests
data = request.form if request.form else request.get_json()
# Update fields
if data.get('amount'):
expense.amount = float(data.get('amount'))
if data.get('currency'):
expense.currency = data.get('currency')
if data.get('description'):
expense.description = data.get('description')
if data.get('category_id'):
# Security: Verify category belongs to current user
category = Category.query.filter_by(id=int(data.get('category_id')), user_id=current_user.id).first()
if not category:
return jsonify({'success': False, 'message': 'Invalid category'}), 400
expense.category_id = int(data.get('category_id'))
if data.get('date'):
expense.date = datetime.fromisoformat(data.get('date'))
if data.get('tags') is not None:
if isinstance(data.get('tags'), str):
import json
tags = json.loads(data.get('tags'))
else:
tags = data.get('tags')
expense.set_tags(tags)
# Handle receipt upload
if 'receipt' in request.files:
file = request.files['receipt']
if file and file.filename and allowed_file(file.filename):
# Delete old receipt
if expense.receipt_path:
clean_path = expense.receipt_path.replace('/uploads/', '').lstrip('/')
old_path = os.path.join(current_app.config['UPLOAD_FOLDER'], clean_path)
if os.path.exists(old_path):
os.remove(old_path)
filename = secure_filename(f"{current_user.id}_{datetime.utcnow().timestamp()}_{file.filename}")
receipts_dir = os.path.join(current_app.config['UPLOAD_FOLDER'], 'receipts')
filepath = os.path.join(receipts_dir, filename)
file.save(filepath)
expense.receipt_path = f'receipts/{filename}'
# Process OCR for new receipt
file_ext = filename.rsplit('.', 1)[1].lower() if '.' in filename else ''
if file_ext in ['png', 'jpg', 'jpeg', 'pdf']:
try:
abs_filepath = os.path.abspath(filepath)
expense.receipt_ocr_text = extract_text_from_file(abs_filepath, file_ext)
print(f"OCR extracted {len(expense.receipt_ocr_text)} characters from receipt {filename}")
except Exception as e:
print(f"OCR processing failed for receipt {filename}: {str(e)}")
db.session.commit()
return jsonify({
'success': True,
'expense': expense.to_dict()
})
@bp.route('/<int:expense_id>', methods=['DELETE'])
@login_required
def delete_expense(expense_id):
expense = Expense.query.filter_by(id=expense_id, user_id=current_user.id).first()
if not expense:
return jsonify({'success': False, 'message': 'Expense not found'}), 404
# Delete receipt file
if expense.receipt_path:
# Remove leading slash and 'uploads/' prefix if present
clean_path = expense.receipt_path.replace('/uploads/', '').lstrip('/')
receipt_file = os.path.join(current_app.config['UPLOAD_FOLDER'], clean_path)
if os.path.exists(receipt_file):
os.remove(receipt_file)
db.session.delete(expense)
db.session.commit()
return jsonify({'success': True, 'message': 'Expense deleted'})
@bp.route('/categories', methods=['GET'])
@login_required
def get_categories():
categories = Category.query.filter_by(user_id=current_user.id).order_by(Category.display_order, Category.created_at).all()
# Also return popular tags for quick selection
popular_tags = Tag.query.filter_by(user_id=current_user.id)\
.filter(Tag.use_count > 0)\
.order_by(Tag.use_count.desc())\
.limit(10)\
.all()
return jsonify({
'categories': [cat.to_dict() for cat in categories],
'popular_tags': [tag.to_dict() for tag in popular_tags]
})
@bp.route('/suggest-tags', methods=['POST'])
@login_required
def suggest_tags():
"""
Get tag suggestions for an expense based on description and category
"""
data = request.get_json()
description = data.get('description', '')
category_id = data.get('category_id')
ocr_text = data.get('ocr_text', '')
category_name = None
if category_id:
category = Category.query.filter_by(id=category_id, user_id=current_user.id).first()
if category:
category_name = category.name
# Get suggestions from auto-tagger
suggestions = suggest_tags_for_expense(description, ocr_text, category_name)
# Check which tags already exist for this user
existing_tags = []
if suggestions:
tag_names = [s['name'] for s in suggestions]
existing = Tag.query.filter(
Tag.user_id == current_user.id,
Tag.name.in_(tag_names)
).all()
existing_tags = [tag.to_dict() for tag in existing]
return jsonify({
'success': True,
'suggested_tags': suggestions,
'existing_tags': existing_tags
})
@bp.route('/categories', methods=['POST'])
@login_required
def create_category():
data = request.get_json()
if not data.get('name'):
return jsonify({'success': False, 'message': 'Name is required'}), 400
# Sanitize inputs
name = str(data.get('name')).strip()[:50] # Limit to 50 chars
color = str(data.get('color', '#2b8cee')).strip()[:7] # Hex color format
icon = str(data.get('icon', 'category')).strip()[:50] # Limit to 50 chars, alphanumeric and underscore only
# Validate color format (must be hex)
if not color.startswith('#') or len(color) != 7:
color = '#2b8cee'
# Validate icon (alphanumeric and underscore only for security)
if not all(c.isalnum() or c == '_' for c in icon):
icon = 'category'
# Get max display_order for user's categories
max_order = db.session.query(db.func.max(Category.display_order)).filter_by(user_id=current_user.id).scalar() or 0
category = Category(
name=name,
color=color,
icon=icon,
display_order=max_order + 1,
user_id=current_user.id
)
db.session.add(category)
db.session.commit()
return jsonify({
'success': True,
'category': category.to_dict()
}), 201
@bp.route('/categories/<int:category_id>', methods=['PUT'])
@login_required
def update_category(category_id):
category = Category.query.filter_by(id=category_id, user_id=current_user.id).first()
if not category:
return jsonify({'success': False, 'message': 'Category not found'}), 404
data = request.get_json()
if data.get('name'):
category.name = str(data.get('name')).strip()[:50]
if data.get('color'):
color = str(data.get('color')).strip()[:7]
if color.startswith('#') and len(color) == 7:
category.color = color
if data.get('icon'):
icon = str(data.get('icon')).strip()[:50]
# Validate icon (alphanumeric and underscore only for security)
if all(c.isalnum() or c == '_' for c in icon):
category.icon = icon
if 'display_order' in data:
category.display_order = int(data.get('display_order'))
db.session.commit()
return jsonify({
'success': True,
'category': category.to_dict()
})
@bp.route('/categories/<int:category_id>', methods=['DELETE'])
@login_required
def delete_category(category_id):
category = Category.query.filter_by(id=category_id, user_id=current_user.id).first()
if not category:
return jsonify({'success': False, 'message': 'Category not found'}), 404
data = request.get_json(silent=True) or {}
move_to_category_id = data.get('move_to_category_id')
# Count expenses in this category
expense_count = category.expenses.count()
# If category has expenses and no move_to_category_id specified, return error with count
if expense_count > 0 and not move_to_category_id:
return jsonify({
'success': False,
'message': 'Category has expenses',
'expense_count': expense_count,
'requires_reassignment': True
}), 400
# If move_to_category_id specified, reassign expenses
if expense_count > 0 and move_to_category_id:
move_to_category = Category.query.filter_by(id=move_to_category_id, user_id=current_user.id).first()
if not move_to_category:
return jsonify({'success': False, 'message': 'Target category not found'}), 404
# Reassign all expenses to the new category
for expense in category.expenses:
expense.category_id = move_to_category_id
db.session.delete(category)
db.session.commit()
return jsonify({'success': True, 'message': 'Category deleted', 'expenses_moved': expense_count})
@bp.route('/categories/reorder', methods=['PUT'])
@login_required
def reorder_categories():
"""
Reorder categories for the current user
Expects: { "categories": [{"id": 1, "display_order": 0}, {"id": 2, "display_order": 1}, ...] }
Security: Only updates categories belonging to current_user
"""
data = request.get_json()
if not data or 'categories' not in data:
return jsonify({'success': False, 'message': 'Categories array required'}), 400
try:
for cat_data in data['categories']:
category = Category.query.filter_by(id=cat_data['id'], user_id=current_user.id).first()
if category:
category.display_order = cat_data['display_order']
db.session.commit()
return jsonify({'success': True, 'message': 'Categories reordered'})
except Exception as e:
db.session.rollback()
return jsonify({'success': False, 'message': str(e)}), 500
@bp.route('/export/csv', methods=['GET'])
@login_required
def export_csv():
expenses = Expense.query.filter_by(user_id=current_user.id).order_by(Expense.date.desc()).all()
output = io.StringIO()
writer = csv.writer(output)
# Write header
writer.writerow(['Date', 'Description', 'Amount', 'Currency', 'Category', 'Tags'])
# Write data
for expense in expenses:
writer.writerow([
expense.date.strftime('%Y-%m-%d %H:%M:%S'),
expense.description,
expense.amount,
expense.currency,
expense.category.name,
', '.join(expense.get_tags())
])
output.seek(0)
return send_file(
io.BytesIO(output.getvalue().encode('utf-8')),
mimetype='text/csv',
as_attachment=True,
download_name=f'fina_expenses_{datetime.utcnow().strftime("%Y%m%d")}.csv'
)
@bp.route('/import/csv', methods=['POST'])
@login_required
def import_csv():
if 'file' not in request.files:
return jsonify({'success': False, 'message': 'No file provided'}), 400
file = request.files['file']
if file.filename == '':
return jsonify({'success': False, 'message': 'No file selected'}), 400
if not file.filename.endswith('.csv'):
return jsonify({'success': False, 'message': 'File must be CSV'}), 400
try:
stream = io.StringIO(file.stream.read().decode('utf-8'))
reader = csv.DictReader(stream)
imported_count = 0
errors = []
for row in reader:
try:
# Find or create category
category_name = row.get('Category', 'Uncategorized')
category = Category.query.filter_by(user_id=current_user.id, name=category_name).first()
if not category:
category = Category(name=category_name, user_id=current_user.id)
db.session.add(category)
db.session.flush()
# Parse date
date_str = row.get('Date', datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S'))
expense_date = datetime.strptime(date_str, '%Y-%m-%d %H:%M:%S')
# Create expense
expense = Expense(
amount=float(row['Amount']),
currency=row.get('Currency', current_user.currency),
description=row['Description'],
category_id=category.id,
user_id=current_user.id,
date=expense_date
)
# Handle tags
if row.get('Tags'):
tags = [tag.strip() for tag in row['Tags'].split(',')]
expense.set_tags(tags)
db.session.add(expense)
imported_count += 1
except Exception as e:
errors.append(f"Row error: {str(e)}")
db.session.commit()
return jsonify({
'success': True,
'imported': imported_count,
'errors': errors
})
except Exception as e:
db.session.rollback()
return jsonify({'success': False, 'message': f'Import failed: {str(e)}'}), 500
Reference in a new issue View git blame Copy permalink