Made some small adjustments to e7da8c9443

- Roles are not hardcoded anymore (closes #4)

.gitignore

@@ -2,3 +2,4 @@ appdata
 .idea
 *.exe
 *.cmd
+.run

Dockerfile

@@ -1,24 +1,19 @@
-# Wir sagen Docker: Der Builder soll IMMER auf der Architektur deines PCs laufen (schnell!)
 FROM --platform=$BUILDPLATFORM golang:1.26-alpine AS builder
 
 RUN apk add --no-cache git
 WORKDIR /app
 
-# Cache für Module nutzen
 COPY go.mod go.sum ./
 RUN go mod download
 
 COPY . .
 
-# buildx übergibt diese Variablen automatisch
 ARG TARGETOS
 ARG TARGETARCH
 
-# Hier passiert die Magie: Go kompiliert NATIV für das Ziel (Cross-Compilation)
 RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
     go build -ldflags "-s -w" -o shap-planner-backend .
 
-# Final Stage (bleibt gleich klein)
 FROM scratch
 COPY --from=builder /app/shap-planner-backend /shap-planner-backend
 ENTRYPOINT ["/shap-planner-backend"]

README.md

@@ -62,8 +62,8 @@ go run main.go
 ### Environment Variables
 
 | Variable          | Description                                           | Example          |
-|----------------|-------------------------------------------------------|----------------|
+|-------------------|-------------------------------------------------------|----------------|
-| `SHAP-JWT_SECRET`   | Secret used to sign JWT tokens                        | `superrandomsecret123` |
+| `SHAP_JWT_SECRET` | Secret used to sign JWT tokens                        | `superrandomsecret123` |
 
 ---
 

config/config.go

@@ -12,6 +12,8 @@ type Config struct {
 	HouseholdName   string `yaml:"household_name"`
 	Port            string `yaml:"port"`
 	DatabasePath    string `yaml:"database_path"`
+	CertificatePath string `yaml:"certificate_path"`
+	PrivateKeyPath  string `yaml:"private_key_path"`
 }
 
 const configPath = "./appdata/config.yaml"
@@ -36,6 +38,8 @@ func CheckIfExists() error {
 		Port:            "8080",
 		DatabasePath:    "./appdata/database.db",
 		HouseholdName:   "Example-Household",
+		CertificatePath: "./appdata/cert.pem",
+		PrivateKeyPath:  "./appdata/key.pem",
 	}
 
 	data, err := yaml.Marshal(defaultConfig)

handlers/account.go

@@ -18,30 +18,35 @@ var cfg, _ = config.LoadConfig()
 func Register(w http.ResponseWriter, r *http.Request) {
 	var user models.User
 	if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
+		log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid request body", http.StatusBadRequest)
 		return
 	}
 
 	if user.Username == "" || user.Password == "" {
+		log.Println("POST [api/register] " + r.RemoteAddr + ": Username or Password is empty")
 		http.Error(w, "username and password required", http.StatusBadRequest)
 		return
 	}
 
 	hashed, err := auth.HashPassword(user.Password)
 	if err != nil {
+		log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "internal error", http.StatusInternalServerError)
 		return
 	}
 	user.Password = hashed
 	user.ID = utils.GenerateUUID()
-	user.Role = "user"
+	user.Role = models.RoleUser
 
-	if err := storage.AddUser(user); err != nil {
+	if err := storage.AddUser(&user); err != nil {
+		log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "user already exists", http.StatusBadRequest)
 		return
 	}
 
 	w.WriteHeader(http.StatusCreated)
+	log.Println("POST [api/register] " + r.RemoteAddr + ": Successfully created user")
 }
 func Login(w http.ResponseWriter, r *http.Request) {
 	var creds struct {
@@ -49,36 +54,41 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		Password string `json:"password"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid request", http.StatusBadRequest)
 		return
 	}
 
 	user, err := storage.GetUserByUsername(creds.Username)
 	if err != nil {
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
 		return
 	}
 
 	if !auth.CheckPasswordHash(creds.Password, user.Password) {
-		println("invalid password")
+		log.Println("POST [api/login] " + r.RemoteAddr + ": Invalid credentials")
 		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
 		return
 	}
 
 	secret := []byte(os.Getenv("SHAP_JWT_SECRET"))
 	if len(secret) == 0 {
+		log.Println("POST [api/login] " + r.RemoteAddr + ": Server misconfiguration")
 		http.Error(w, "Server misconfiguration", http.StatusInternalServerError)
 		return
 	}
 
 	accessToken, err := auth.GenerateJWT(user.ID, user.Role, secret)
 	if err != nil {
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Could not generate token", http.StatusInternalServerError)
 		return
 	}
 
 	refreshTokenPlain, err := utils.GenerateRefreshToken()
 	if err != nil {
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "could not generate refresh token", http.StatusInternalServerError)
 		return
 	}
@@ -88,7 +98,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 
 	deviceInfo := r.Header.Get("User-Agent")
 
-	if err := storage.AddRefreshToken(models.RefreshToken{
+	if err := storage.AddRefreshToken(&models.RefreshToken{
 		ID:         refreshID,
 		UserID:     user.ID,
 		Token:      refreshHash,
@@ -97,6 +107,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		CreatedAt:  time.Now().Unix(),
 		Revoked:    false,
 	}); err != nil {
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "could not save refresh token", http.StatusInternalServerError)
 		return
 	}
@@ -114,38 +125,45 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	}
 
 	w.Header().Set("Content-Type", "application/json")
-	json.NewEncoder(w).Encode(resp)
+	err = json.NewEncoder(w).Encode(resp)
+	if err != nil {
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
+		http.Error(w, "Something went wrong", http.StatusInternalServerError)
+		return
+	}
+	log.Println("POST [api/login] " + r.RemoteAddr + ": Successfully logged in")
 }
 func Logout(w http.ResponseWriter, r *http.Request) {
 	claims := r.Context().Value(auth.UserContextKey).(*auth.Claims)
-	storage.RevokeAllRefreshTokensForUser(claims.UserID)
+	err := storage.RevokeAllRefreshTokensForUser(claims.UserID)
+	if err != nil {
+		log.Println("GET [api/logout] " + r.RemoteAddr + ": " + err.Error())
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
 	w.WriteHeader(204)
 }
 func TestHandler(w http.ResponseWriter, r *http.Request) {
-	claimsRaw := r.Context().Value(auth.UserContextKey)
+	claims, _ := utils.IsLoggedIn(w, r)
-	if claimsRaw == nil {
-		http.Error(w, "No claims in context", http.StatusUnauthorized)
-		return
-	}
-
-	claims, ok := claimsRaw.(*auth.Claims)
-	if !ok {
-		http.Error(w, "Invalid claims", http.StatusUnauthorized)
-		return
-	}
 
 	w.Header().Set("Content-Type", "application/json")
-	json.NewEncoder(w).Encode(map[string]interface{}{
+	err := json.NewEncoder(w).Encode(map[string]interface{}{
 		"user_id": claims.UserID,
 		"role":    claims.Role,
-		"msg":     "access granted to protected endpoint",
+		"msg":     "Authentication successful",
 	})
+	if err != nil {
+		log.Println("GET [api/ping] " + r.RemoteAddr + ": " + err.Error())
+		return
+	}
+	log.Println("GET [api/login] " + r.RemoteAddr + ": Successfully tested connection")
 }
 func RefreshToken(w http.ResponseWriter, r *http.Request) {
 	var req struct {
 		RefreshToken string `json:"refresh_token"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid request", http.StatusBadRequest)
 		return
 	}
@@ -154,6 +172,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 
 	tokenRow, err := storage.GetRefreshToken(hashed)
 	if err != nil || tokenRow.Revoked || tokenRow.ExpiresAt < time.Now().Unix() {
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": Invalid refresh token")
 		http.Error(w, "Invalid refresh token", http.StatusUnauthorized)
 		return
 	}
@@ -167,7 +186,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 	newExpires := time.Now().Add(7 * 24 * time.Hour).Unix() //7 days
 	newID := utils.GenerateUUID()
 	deviceInfo := r.Header.Get("User-Agent")
-	if err = storage.AddRefreshToken(models.RefreshToken{
+	if err = storage.AddRefreshToken(&models.RefreshToken{
 		ID:         newID,
 		UserID:     tokenRow.UserID,
 		Token:      newHash,
@@ -176,15 +195,52 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 		Revoked:    false,
 		DeviceInfo: deviceInfo,
 	}); err != nil {
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
+		http.Error(w, "Could not generate new refresh token", http.StatusInternalServerError)
 		return
 	}
 
-	accessToken, _ := auth.GenerateJWT(tokenRow.UserID, "", []byte(os.Getenv("SHAP_JWT_SECRET")))
+	user, err := storage.GetUserById(tokenRow.UserID)
+	if err != nil {
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
+	accessToken, _ := auth.GenerateJWT(tokenRow.UserID, user.Role, []byte(os.Getenv("SHAP_JWT_SECRET")))
 
 	if err = json.NewEncoder(w).Encode(map[string]string{
 		"access_token":  accessToken,
 		"refresh_token": newToken,
 	}); err != nil {
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
 		return
 	}
+	log.Println("POST [api/refresh] " + r.RemoteAddr + ": Successfully refreshed token")
+}
+func UserInfo(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		log.Println("GET [api/userinfo] " + r.RemoteAddr + ": Method " + r.Method + " not allowed")
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+	query := r.URL.Query()
+	idParam := query.Get("id")
+	user, err := storage.GetUserById(idParam)
+	if err != nil {
+		log.Println("GET [api/userinfo] " + r.RemoteAddr + ": User " + idParam + " not found")
+		http.Error(w, "User not found", http.StatusNotFound)
+		return
+	}
+	w.Header().Set("Content-Type", "application/json")
+	err = json.NewEncoder(w).Encode(map[string]interface{}{
+		"id":         user.ID,
+		"name":       user.Username,
+		"avatar_url": nil,
+	})
+	if err != nil {
+		log.Println("GET [api/userinfo] " + r.RemoteAddr + ": " + err.Error())
+		return
+	}
+	log.Println("GET [api/userinfo] " + r.RemoteAddr + ": Successfully retrieved user info")
 }

handlers/balance.go

@@ -0,0 +1,32 @@
+package handlers
+
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+	"shap-planner-backend/storage"
+)
+
+func GetBalance(w http.ResponseWriter, r *http.Request) {
+	query := r.URL.Query()
+	userParam := query.Get("user")
+
+	if userParam == "all" {
+		// TODO: add later
+	} else {
+		balance, err := storage.ComputeBalance(userParam)
+		if err != nil {
+			log.Println("GET [api/balance] " + r.RemoteAddr + ": " + err.Error())
+			http.Error(w, "Invalid request query", http.StatusBadRequest)
+			return
+		}
+		err = json.NewEncoder(w).Encode(map[string]interface{}{
+			"balance": balance,
+		})
+		if err != nil {
+			log.Println("GET [api/balance] " + r.RemoteAddr + ": " + err.Error())
+			return
+		}
+		log.Println("GET [api/balance] " + r.RemoteAddr + ": Successfully retrieved balance")
+	}
+}

handlers/expenses.go

@@ -1,7 +1,105 @@
 package handlers
 
-import "net/http"
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+	"shap-planner-backend/models"
+	"shap-planner-backend/storage"
+	"shap-planner-backend/utils"
+	"time"
+)
 
-func GetExpenses(w http.ResponseWriter, r *http.Request) {}
+func Expenses(w http.ResponseWriter, r *http.Request) {
+	claims, _ := utils.IsLoggedIn(w, r)
 
+	switch r.Method {
+	case http.MethodGet: // -> Get Expenses
+		expenses, err := storage.GetAllExpenses()
+		if err != nil {
+			log.Println("GET [api/expense] " + r.RemoteAddr + ": " + err.Error())
+			http.Error(w, "Something went wrong", http.StatusInternalServerError)
+			return
+		}
+		err = json.NewEncoder(w).Encode(expenses)
+		if err != nil {
+			log.Println("GET [api/expense] " + r.RemoteAddr + ": " + err.Error())
+			return
+		}
+		log.Println("GET [api/expense] " + r.RemoteAddr + ": Successfully retrieved expenses")
+		break
+	case http.MethodPost: // -> Create Expense
+		var body struct {
+			Expense models.Expense        `json:"expense"`
+			Shares  []models.ExpenseShare `json:"shares"`
+		}
+		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
+			http.Error(w, "Invalid request body", http.StatusBadRequest)
+			return
+		}
+		if claims.UserID != body.Expense.PayerID { // You cannot create an expense in the name of another user
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": claims.UserID and expense.PayerID does not match")
+			http.Error(w, "Invalid request", http.StatusBadRequest)
+			return
+		}
+		// Set ExpenseID
+		if body.Expense.ID != "" {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": Expense ID must be empty")
+			http.Error(w, "Invalid request", http.StatusBadRequest)
+			return
+		}
+		body.Expense.ID = utils.GenerateUUID()
+		if body.Expense.CreatedAt == 0 {
+			body.Expense.CreatedAt = time.Now().Unix()
+		}
+		if body.Expense.Amount <= 0 {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": Amount must be greater than zero")
+			http.Error(w, "Invalid request", http.StatusBadRequest)
+			return
+		}
+		// Set ShareIDs and save them
+		for _, share := range body.Shares {
+			if share.ID != "" {
+				log.Println("POST [api/expense] " + r.RemoteAddr + ": Share ID must be empty")
+				http.Error(w, "Invalid request", http.StatusBadRequest)
+				return
+			}
+			if share.ExpenseID != "" {
+				log.Println("POST [api/expense] " + r.RemoteAddr + ": Expense ID of Share must be empty")
+				http.Error(w, "Invalid request", http.StatusBadRequest)
+				return
+			}
+			share.ExpenseID = body.Expense.ID
+			share.ID = utils.GenerateUUID()
+			err := storage.AddShare(&share)
+			if err != nil {
+				log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
+				http.Error(w, "Error adding expense", http.StatusBadRequest) // Should never happen
+				return
+			}
+		}
+		err := storage.AddExpense(&body.Expense)
+		if err != nil {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
+			http.Error(w, "Error adding expense", http.StatusBadRequest)
+			return
+		}
+		err = json.NewEncoder(w).Encode(map[string]interface{}{
+			"expense": body.Expense,
+			"shares":  body.Shares,
+		})
+		if err != nil {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
+			return
+		}
+		log.Println("POST [api/expense] " + r.RemoteAddr + ": Successfully added expense and its shares")
+		break
+	case http.MethodPut: // -> Update Expense
+		break
+	case http.MethodDelete: // -> Delete Expense
+	default:
+		http.Error(w, "Invalid request method", http.StatusMethodNotAllowed)
+	}
+}
 func AdminPanel(w http.ResponseWriter, r *http.Request) {}

main.go

@@ -7,16 +7,13 @@ import (
 )
 
 func main() {
-	var SERVER = server.InitServer()
+	var _server = server.InitServer()
 
-	err := storage.InitDB(SERVER.DatabasePath)
+	err := storage.InitDB(_server.DatabasePath)
 	if err != nil {
 		log.Fatal(err)
+		return
 	}
 
-	SERVER.Run()
+	_server.Run()
-}
-
-func Setup() {
-	//TODO: first configuration
 }

models/dbmodels.go

@@ -9,9 +9,23 @@ type User struct {
 
 type Expense struct {
 	ID            string   `json:"id"`
-	Amount      int    `json:"amt"`
+	PayerID       string   `json:"payer_id"`
-	Description string `json:"desc"`
+	Amount        int64    `json:"amount"`
-
+	Title         string   `json:"title"`
-	Payer   User   `json:"payer"`
+	Description   string   `json:"description"`
-	Debtors []User `json:"debtors"`
+	Attachments   []string `json:"attachments"`
+	CreatedAt     int64    `json:"created_at"`
+	LastUpdatedAt int64    `json:"last_updated_at"`
 }
+
+type ExpenseShare struct {
+	ID         string `json:"id"`
+	ExpenseID  string `json:"expense_id"`
+	UserID     string `json:"user_id"`
+	ShareCents int64  `json:"share_cents"`
+}
+
+const (
+	RoleUser  = "user"
+	RoleAdmin = "admin"
+)

server/server.go

@@ -13,38 +13,45 @@ type Server struct {
 	Port            string
 	JWTSecret       []byte
 	DatabasePath    string
+	CertificatePath string
+	PrivateKeyPath  string
 }
 
-var cfg, _ = config.LoadConfig()
-
 func InitServer() *Server {
 
 	err := config.CheckIfExists()
 	if err != nil {
 		log.Fatal(err)
+		return nil
 	}
 
 	cfg, err := config.LoadConfig()
 	if err != nil {
 		log.Fatal(err)
+		return nil
 	}
 
 	jwtSecret := os.Getenv("SHAP_JWT_SECRET")
 	if jwtSecret == "" {
 		log.Fatal("SHAP_JWT_SECRET environment variable not set.")
+		return nil
 	}
 	if len(jwtSecret) < 32 {
 		log.Fatal("SHAP_JWT_SECRET must be at least 32 characters long.")
+		return nil
 	}
 
 	return &Server{
 		Port:            cfg.Port,
 		JWTSecret:       []byte(jwtSecret),
 		DatabasePath:    cfg.DatabasePath,
+		CertificatePath: cfg.CertificatePath,
+		PrivateKeyPath:  cfg.PrivateKeyPath,
 	}
 }
 
 func (server *Server) Run() {
+	log.Println("Starting server...")
 	mux := http.NewServeMux()
 
 	// Public
@@ -54,12 +61,14 @@ func (server *Server) Run() {
 	mux.HandleFunc("/api/logout", handlers.Logout)
 
 	// Login required
-	mux.Handle("/api/expenses", auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.GetExpenses)))
+	mux.Handle("/api/expenses", auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.Expenses)))
+	mux.Handle("/api/balance", auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.GetBalance)))
 	mux.Handle("/api/ping", auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.TestHandler)))
+	mux.Handle("/api/userinfo", auth.AuthMiddleware(server.JWTSecret)(http.HandlerFunc(handlers.UserInfo)))
 
 	// Admin-only
 	mux.Handle("/api/admin", auth.AuthMiddleware(server.JWTSecret)(auth.RequireRole("admin")(http.HandlerFunc(handlers.AdminPanel))))
 
 	log.Printf("Listening on port %s", server.Port)
-	log.Fatal(http.ListenAndServe(":"+server.Port, mux))
+	log.Fatal(http.ListenAndServeTLS(":"+server.Port, server.CertificatePath, server.PrivateKeyPath, mux))
 }

storage/storage.go

@@ -2,6 +2,7 @@ package storage
 
 import (
 	"database/sql"
+	"encoding/json"
 	"errors"
 	"shap-planner-backend/models"
 	"strings"
@@ -51,14 +52,165 @@ func InitDB(filepath string) error {
 
 	//Create Expenses-Table
 	_, err = DB.Exec(`CREATE TABLE IF NOT EXISTS expenses(
-    	id TEXT PRIMARY KEY
+    	id TEXT PRIMARY KEY,
-        
+        payer_id TEXT NOT NULL,
+        amount_cents INTEGER NOT NULL,
+        title TEXT NOT NULL,
+        description TEXT,
+        attachments TEXT,
+        created_at INTEGER NOT NULL,
+        last_updated_at INTEGER NOT NULL,
+        FOREIGN KEY(payer_id) REFERENCES users(id)
 	)`)
+	if err != nil {
+		return err
+	}
+	_, err = DB.Exec(`CREATE TABLE IF NOT EXISTS expense_shares(
+    	id TEXT PRIMARY KEY,
+		expense_id TEXT NOT NULL,
+		user_id TEXT NOT NULL,
+		share_cents INTEGER NOT NULL,
+		FOREIGN KEY(user_id) REFERENCES users(id)
+	)`)
+	if err != nil {
+		return err
+	}
+	_, err = DB.Exec(`CREATE INDEX IF NOT EXISTS idx_shares_expense ON expense_shares(expense_id)`)
+	if err != nil {
+		return err
+	}
+	_, err = DB.Exec(`CREATE INDEX IF NOT EXISTS idx_shares_user ON expense_shares(user_id)`)
 	return err
 }
 
+// Expenses
+func AddExpense(expense *models.Expense) error {
+	var attachmentsData interface{}
+	if len(expense.Attachments) > 0 {
+		jsonBytes, err := json.Marshal(expense.Attachments)
+		if err != nil {
+			return err
+		}
+		attachmentsData = string(jsonBytes)
+	} else {
+		attachmentsData = nil
+	}
+	_, err := DB.Exec(`INSERT INTO expenses(id, payer_id, amount_cents, title, description, attachments, created_at, last_updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+		expense.ID,
+		expense.PayerID,
+		expense.Amount,
+		expense.Title,
+		expense.Description,
+		attachmentsData,
+		expense.CreatedAt,
+		expense.LastUpdatedAt)
+	return err
+}
+func UpdateExpense(expense *models.Expense) error {
+	return nil
+}
+func DeleteExpense(expense *models.Expense) error {
+	return nil
+}
+
+//	func GetExpenseById(id string) (models.Expense, error) {
+//		return nil, nil
+//	}
+func GetExpensesByUserId(userId string) ([]models.Expense, error) {
+	return nil, nil
+}
+func GetAllExpenses() ([]models.Expense, error) {
+	query := "SELECT * FROM expenses"
+	rows, err := DB.Query(query)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var expenses []models.Expense
+
+	for rows.Next() {
+		var expense models.Expense
+		var attachmentsJSON []byte
+
+		err := rows.Scan(&expense.ID, &expense.PayerID, &expense.Amount, &expense.Title, &expense.Description, &attachmentsJSON, &expense.CreatedAt, &expense.LastUpdatedAt)
+		if err != nil {
+			return nil, err
+		}
+		if len(attachmentsJSON) > 0 {
+			err := json.Unmarshal(attachmentsJSON, &expense.Attachments)
+			if err != nil {
+				return nil, err
+			}
+		}
+		expenses = append(expenses, expense)
+	}
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+	return expenses, nil
+}
+
+// Expense Shares
+func AddShare(share *models.ExpenseShare) error {
+	_, err := DB.Exec("INSERT INTO expense_shares(id, expense_id, user_id, share_cents) VALUES (?, ?, ?, ?)",
+		share.ID,
+		share.ExpenseID,
+		share.UserID,
+		share.ShareCents)
+	return err
+}
+
+// Balances
+func ComputeBalance(userId string) (float64, error) {
+	var balance float64
+	query := `
+		SELECT 
+			COALESCE(p.paid, 0) - COALESCE(s.shared, 0) AS balance
+		FROM (SELECT ? AS id) u
+		LEFT JOIN (
+			SELECT payer_id, SUM(amount_cents) AS paid 
+			FROM expenses 
+			WHERE payer_id = ?
+			GROUP BY payer_id
+		) p ON u.id = p.payer_id
+		LEFT JOIN (
+			SELECT user_id, SUM(share_cents) AS shared 
+			FROM expense_shares 
+			WHERE user_id = ?
+			GROUP BY user_id
+		) s ON u.id = s.user_id`
+	err := DB.QueryRow(query, userId, userId, userId).Scan(&balance)
+	if err != nil {
+		return 0, err
+	}
+	return balance, nil
+}
+func ComputeWGBalance() (float64, error) {
+	var balance float64
+	query := `SELECT u.id AS user_id,
+       COALESCE(p.paid_cents,0) - COALESCE(s.share_cents,0) AS balance_cents
+FROM users u
+LEFT JOIN (
+    SELECT payer_id, SUM(amount_cents) AS paid_cents
+    FROM expenses
+    GROUP BY payer_id
+) p ON u.id = p.payer_id
+LEFT JOIN (
+    SELECT es.user_id, SUM(es.share_cents) AS share_cents
+    FROM expense_shares es
+    JOIN expenses e ON es.expense_id = e.id
+    GROUP BY es.user_id
+) s ON u.id = s.user_id)`
+	err := DB.QueryRow(query).Scan(&balance)
+	if err != nil {
+		return 0, err
+	}
+	return balance, nil
+}
+
 // Users
-func AddUser(user models.User) error {
+func AddUser(user *models.User) error {
 	_, err := DB.Exec("INSERT INTO users(id, username, password, role) VALUES (?, ?, ?, ?)", user.ID, strings.ToLower(user.Username), user.Password, user.Role)
 	return err
 }
@@ -76,7 +228,7 @@ func GetUserById(id string) (models.User, error) {
 }
 
 // Refresh Tokens
-func AddRefreshToken(token models.RefreshToken) error {
+func AddRefreshToken(token *models.RefreshToken) error {
 	_, err := DB.Exec("INSERT INTO refresh_tokens(id, user_id, token_hash, expires_at, created_at, revoked, device_info) VALUES (?, ?, ?, ?, ?, ?, ?)",
 		token.ID, token.UserID, token.Token, token.ExpiresAt, token.CreatedAt, token.Revoked, token.DeviceInfo)
 	return err

utils/util.go

@@ -5,6 +5,8 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
+	"net/http"
+	"shap-planner-backend/auth"
 
 	"github.com/google/uuid"
 )
@@ -31,3 +33,17 @@ func HashToken(token string) string {
 	hash := sha256.Sum256([]byte(token))
 	return hex.EncodeToString(hash[:])
 }
+func IsLoggedIn(w http.ResponseWriter, r *http.Request) (*auth.Claims, bool) {
+	claimsRaw := r.Context().Value(auth.UserContextKey)
+	if claimsRaw == nil {
+		http.Error(w, "No claims in context", http.StatusUnauthorized)
+		return nil, false
+	}
+
+	claims, ok := claimsRaw.(*auth.Claims)
+	if !ok {
+		http.Error(w, "Invalid claims", http.StatusUnauthorized)
+		return nil, false
+	}
+	return claims, true
+}