Removed comments from Dockerfile

Dockerfile

@@ -1,24 +1,19 @@
-# Wir sagen Docker: Der Builder soll IMMER auf der Architektur deines PCs laufen (schnell!)
 FROM --platform=$BUILDPLATFORM golang:1.26-alpine AS builder
 
 RUN apk add --no-cache git
 WORKDIR /app
 
-# Cache für Module nutzen
 COPY go.mod go.sum ./
 RUN go mod download
 
 COPY . .
 
-# buildx übergibt diese Variablen automatisch
 ARG TARGETOS
 ARG TARGETARCH
 
-# Hier passiert die Magie: Go kompiliert NATIV für das Ziel (Cross-Compilation)
 RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
     go build -ldflags "-s -w" -o shap-planner-backend .
 
-# Final Stage (bleibt gleich klein)
 FROM scratch
 COPY --from=builder /app/shap-planner-backend /shap-planner-backend
 ENTRYPOINT ["/shap-planner-backend"]

handlers/account.go

@@ -18,20 +18,20 @@ var cfg, _ = config.LoadConfig()
 func Register(w http.ResponseWriter, r *http.Request) {
 	var user models.User
 	if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
-		log.Println("[api/register] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid request body", http.StatusBadRequest)
 		return
 	}
 
 	if user.Username == "" || user.Password == "" {
-		log.Println("[api/register] " + r.RemoteAddr + ": Username or Password is empty")
+		log.Println("POST [api/register] " + r.RemoteAddr + ": Username or Password is empty")
 		http.Error(w, "username and password required", http.StatusBadRequest)
 		return
 	}
 
 	hashed, err := auth.HashPassword(user.Password)
 	if err != nil {
-		log.Println("[api/register] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "internal error", http.StatusInternalServerError)
 		return
 	}
@@ -40,13 +40,13 @@ func Register(w http.ResponseWriter, r *http.Request) {
 	user.Role = "user"
 
 	if err := storage.AddUser(&user); err != nil {
-		log.Println("[api/register] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/register] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "user already exists", http.StatusBadRequest)
 		return
 	}
 
 	w.WriteHeader(http.StatusCreated)
-	log.Println("[api/register] " + r.RemoteAddr + ": Successfully created user")
+	log.Println("POST [api/register] " + r.RemoteAddr + ": Successfully created user")
 }
 func Login(w http.ResponseWriter, r *http.Request) {
 	var creds struct {
@@ -54,41 +54,41 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		Password string `json:"password"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
-		log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid request", http.StatusBadRequest)
 		return
 	}
 
 	user, err := storage.GetUserByUsername(creds.Username)
 	if err != nil {
-		log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
 		return
 	}
 
 	if !auth.CheckPasswordHash(creds.Password, user.Password) {
-		log.Println("[api/login] " + r.RemoteAddr + ": Invalid credentials")
+		log.Println("POST [api/login] " + r.RemoteAddr + ": Invalid credentials")
 		http.Error(w, "Invalid credentials", http.StatusUnauthorized)
 		return
 	}
 
 	secret := []byte(os.Getenv("SHAP_JWT_SECRET"))
 	if len(secret) == 0 {
-		log.Println("[api/login] " + r.RemoteAddr + ": Server misconfiguration")
+		log.Println("POST [api/login] " + r.RemoteAddr + ": Server misconfiguration")
 		http.Error(w, "Server misconfiguration", http.StatusInternalServerError)
 		return
 	}
 
 	accessToken, err := auth.GenerateJWT(user.ID, user.Role, secret)
 	if err != nil {
-		log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Could not generate token", http.StatusInternalServerError)
 		return
 	}
 
 	refreshTokenPlain, err := utils.GenerateRefreshToken()
 	if err != nil {
-		log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "could not generate refresh token", http.StatusInternalServerError)
 		return
 	}
@@ -107,7 +107,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		CreatedAt:  time.Now().Unix(),
 		Revoked:    false,
 	}); err != nil {
-		log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "could not save refresh token", http.StatusInternalServerError)
 		return
 	}
@@ -127,17 +127,17 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(resp)
 	if err != nil {
-		log.Println("[api/login] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/login] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Something went wrong", http.StatusInternalServerError)
 		return
 	}
-	log.Println("[api/login] " + r.RemoteAddr + ": Successfully logged in")
+	log.Println("POST [api/login] " + r.RemoteAddr + ": Successfully logged in")
 }
 func Logout(w http.ResponseWriter, r *http.Request) {
 	claims := r.Context().Value(auth.UserContextKey).(*auth.Claims)
 	err := storage.RevokeAllRefreshTokensForUser(claims.UserID)
 	if err != nil {
-		log.Println("[api/logout] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("GET [api/logout] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Internal server error", http.StatusInternalServerError)
 		return
 	}
@@ -150,20 +150,20 @@ func TestHandler(w http.ResponseWriter, r *http.Request) {
 	err := json.NewEncoder(w).Encode(map[string]interface{}{
 		"user_id": claims.UserID,
 		"role":    claims.Role,
-		"msg":     "access granted to protected endpoint",
+		"msg":     "Authentication successful",
 	})
 	if err != nil {
-		log.Println("[api/ping] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("GET [api/ping] " + r.RemoteAddr + ": " + err.Error())
 		return
 	}
-	log.Println("[api/login] " + r.RemoteAddr + ": Successfully tested connection")
+	log.Println("GET [api/login] " + r.RemoteAddr + ": Successfully tested connection")
 }
 func RefreshToken(w http.ResponseWriter, r *http.Request) {
 	var req struct {
 		RefreshToken string `json:"refresh_token"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		log.Println("[api/refresh] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Invalid request", http.StatusBadRequest)
 		return
 	}
@@ -172,7 +172,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 
 	tokenRow, err := storage.GetRefreshToken(hashed)
 	if err != nil || tokenRow.Revoked || tokenRow.ExpiresAt < time.Now().Unix() {
-		log.Println("[api/refresh] " + r.RemoteAddr + ": Invalid refresh token")
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": Invalid refresh token")
 		http.Error(w, "Invalid refresh token", http.StatusUnauthorized)
 		return
 	}
@@ -195,7 +195,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 		Revoked:    false,
 		DeviceInfo: deviceInfo,
 	}); err != nil {
-		log.Println("[api/refresh] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Could not generate new refresh token", http.StatusInternalServerError)
 		return
 	}
@@ -206,7 +206,7 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 		"access_token":  accessToken,
 		"refresh_token": newToken,
 	}); err != nil {
-		log.Println("[api/refresh] " + r.RemoteAddr + ": " + err.Error())
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
 		http.Error(w, "Internal server error", http.StatusInternalServerError)
 		return
 	}

handlers/balance.go

@@ -1,12 +1,32 @@
 package handlers
 
-import "net/http"
+import (
+	"encoding/json"
+	"log"
+	"net/http"
+	"shap-planner-backend/storage"
+)
 
 func GetBalance(w http.ResponseWriter, r *http.Request) {
 	query := r.URL.Query()
 	userParam := query.Get("user")
 
-	if userParam == "" {
-
+	if userParam == "all" {
+		// TODO: add later
+	} else {
+		balance, err := storage.ComputeBalance(userParam)
+		if err != nil {
+			log.Println("GET [api/balance] " + r.RemoteAddr + ": " + err.Error())
+			http.Error(w, "Invalid request query", http.StatusBadRequest)
+			return
+		}
+		err = json.NewEncoder(w).Encode(map[string]interface{}{
+			"balance": balance,
+		})
+		if err != nil {
+			log.Println("GET [api/balance] " + r.RemoteAddr + ": " + err.Error())
+			return
+		}
+		log.Println("GET [api/balance] " + r.RemoteAddr + ": Successfully retrieved balance")
 	}
 }

handlers/expenses.go

@@ -2,10 +2,12 @@ package handlers
 
 import (
 	"encoding/json"
+	"log"
 	"net/http"
 	"shap-planner-backend/models"
 	"shap-planner-backend/storage"
 	"shap-planner-backend/utils"
+	"time"
 )
 
 func Expenses(w http.ResponseWriter, r *http.Request) {
@@ -20,37 +22,54 @@ func Expenses(w http.ResponseWriter, r *http.Request) {
 			Shares  []models.ExpenseShare `json:"shares"`
 		}
 		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
 			http.Error(w, "Invalid request body", http.StatusBadRequest)
 			return
 		}
 		if claims.UserID != body.Expense.PayerID { // You cannot create an expense in the name of another user
-			http.Error(w, "Invalid request", http.StatusUnauthorized)
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": claims.UserID and expense.PayerID does not match")
+			http.Error(w, "Invalid request", http.StatusBadRequest)
 			return
 		}
+		// Set ExpenseID
 		if body.Expense.ID != "" {
-			http.Error(w, "Invalid request", http.StatusUnauthorized)
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": Expense ID must be empty")
+			http.Error(w, "Invalid request", http.StatusBadRequest)
 			return
 		}
 		body.Expense.ID = utils.GenerateUUID()
+		if body.Expense.CreatedAt == 0 {
+			body.Expense.CreatedAt = time.Now().Unix()
+		}
+		if body.Expense.Amount <= 0 {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": Amount must be greater than zero")
+			http.Error(w, "Invalid request", http.StatusBadRequest)
+			return
+		}
+		// Set ShareIDs and save them
 		for _, share := range body.Shares {
 			if share.ID != "" {
-				http.Error(w, "Invalid request", http.StatusUnauthorized)
+				log.Println("POST [api/expense] " + r.RemoteAddr + ": Share ID must be empty")
+				http.Error(w, "Invalid request", http.StatusBadRequest)
 				return
 			}
 			if share.ExpenseID != "" {
-				http.Error(w, "Invalid request", http.StatusUnauthorized)
+				log.Println("POST [api/expense] " + r.RemoteAddr + ": Expense ID of Share must be empty")
+				http.Error(w, "Invalid request", http.StatusBadRequest)
 				return
 			}
 			share.ExpenseID = body.Expense.ID
 			share.ID = utils.GenerateUUID()
 			err := storage.AddShare(&share)
 			if err != nil {
+				log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
 				http.Error(w, "Error adding expense", http.StatusBadRequest) // Should never happen
 				return
 			}
 		}
 		err := storage.AddExpense(&body.Expense)
 		if err != nil {
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
 			http.Error(w, "Error adding expense", http.StatusBadRequest)
 			return
 		}
@@ -59,13 +78,16 @@ func Expenses(w http.ResponseWriter, r *http.Request) {
 			"shares":  body.Shares,
 		})
 		if err != nil {
-			println(err.Error())
+			log.Println("POST [api/expense] " + r.RemoteAddr + ": " + err.Error())
 			return
 		}
+		log.Println("POST [api/expense] " + r.RemoteAddr + ": Successfully added expense and its shares")
 		break
 	case http.MethodPut: // -> Update Expense
 		break
 	case http.MethodDelete: // -> Delete Expense
+	default:
+		http.Error(w, "Invalid request method", http.StatusMethodNotAllowed)
 	}
 }
 func AdminPanel(w http.ResponseWriter, r *http.Request) {}

storage/storage.go

@@ -133,6 +133,54 @@ func AddShare(share *models.ExpenseShare) error {
 	return err
 }
 
+// Balances
+func ComputeBalance(userId string) (float64, error) {
+	var balance float64
+	query := `
+		SELECT 
+			COALESCE(p.paid, 0) - COALESCE(s.shared, 0) AS balance
+		FROM (SELECT ? AS id) u
+		LEFT JOIN (
+			SELECT payer_id, SUM(amount_cents) AS paid 
+			FROM expenses 
+			WHERE payer_id = ?
+			GROUP BY payer_id
+		) p ON u.id = p.payer_id
+		LEFT JOIN (
+			SELECT user_id, SUM(share_cents) AS shared 
+			FROM expense_shares 
+			WHERE user_id = ?
+			GROUP BY user_id
+		) s ON u.id = s.user_id`
+	err := DB.QueryRow(query, userId, userId, userId).Scan(&balance)
+	if err != nil {
+		return 0, err
+	}
+	return balance, nil
+}
+func ComputeWGBalance() (float64, error) {
+	var balance float64
+	query := `SELECT u.id AS user_id,
+       COALESCE(p.paid_cents,0) - COALESCE(s.share_cents,0) AS balance_cents
+FROM users u
+LEFT JOIN (
+    SELECT payer_id, SUM(amount_cents) AS paid_cents
+    FROM expenses
+    GROUP BY payer_id
+) p ON u.id = p.payer_id
+LEFT JOIN (
+    SELECT es.user_id, SUM(es.share_cents) AS share_cents
+    FROM expense_shares es
+    JOIN expenses e ON es.expense_id = e.id
+    GROUP BY es.user_id
+) s ON u.id = s.user_id)`
+	err := DB.QueryRow(query).Scan(&balance)
+	if err != nil {
+		return 0, err
+	}
+	return balance, nil
+}
+
 // Users
 func AddUser(user *models.User) error {
 	_, err := DB.Exec("INSERT INTO users(id, username, password, role) VALUES (?, ?, ?, ?)", user.ID, strings.ToLower(user.Username), user.Password, user.Role)