finance/src/pages/api/transactions/index.ts


// TODO: Security Improvements
// - Add input validation and sanitization (field types are not checked before
//   the body is written into the in-memory store)
// - Implement rate limiting for API endpoints
// - Add request authentication and per-account authorization: as written, any
//   caller that can reach this route can post a transaction against any
//   account and change its balance
// - Implement CSRF protection
// - Add request logging and monitoring
// - Implement secure session management
// - Add API versioning
// - Set up proper CORS configuration
import type { APIRoute } from "astro";
import { transactions, accounts } from "../../../data/store";
import type { Transaction } from "../../../types";
// TODO: API Improvements
// - Add request rate limiting
// - Implement proper API authentication
// - Add input sanitization
// - Implement request validation middleware
// - Add API versioning
// - Consider implementing GraphQL for more flexible queries
// - Add proper logging and monitoring
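/**
 * POST /api/transactions — create a transaction and apply its `amount` to the
 * owning account's balance. Both records live in the in-memory `store`.
 *
 * Request body (JSON): a `Transaction` without `id`.
 * Responses:
 *   201 — the stored transaction, including its generated `id`
 *   400 — body is not valid JSON, a required field is missing, or a field has
 *         the wrong type
 *   404 — `accountId` matches no account in the store
 *
 * NOTE(review): there is no authentication or authorization on this route;
 * anyone who can reach it can move any account's balance. Put a session /
 * auth check in front of it before exposing it.
 */
export const POST: APIRoute = async ({ request }): Promise<Response> => {
  // All responses are JSON with the same header set.
  const json = (body: unknown, status: number): Response =>
    new Response(JSON.stringify(body), {
      status,
      headers: { "Content-Type": "application/json" },
    });

  try {
    // The body is untrusted: parse it as `unknown` and check each field rather
    // than trusting a cast. With the cast alone, a string `amount` turned
    // `account.balance` into a string via `+=`, and `amount: null` slipped
    // past the `=== undefined` check.
    const body: unknown = await request.json();
    if (typeof body !== "object" || body === null || Array.isArray(body)) {
      return json({ error: "Missing required fields" }, 400);
    }
    const raw = body as Record<string, unknown>;
    const { accountId, date, description, amount } = raw;

    // Presence check (unchanged semantics: falsy accountId/date/description
    // and an absent amount are rejected).
    if (!accountId || !date || !description || amount === undefined) {
      return json({ error: "Missing required fields" }, 400);
    }

    // Type check. `amount` must be a finite number so the balance arithmetic
    // below stays numeric; `description` must be a string since it is stored
    // and echoed back verbatim. `date` is only checked for presence — its
    // declared type is not visible here (TODO confirm it is an ISO string and
    // validate with Date.parse). `accountId` is matched with `===` against
    // the store below, so a wrong type simply yields 404.
    if (
      typeof amount !== "number" ||
      !Number.isFinite(amount) ||
      typeof description !== "string"
    ) {
      return json({ error: "Invalid field types" }, 400);
    }

    const account = accounts.find((a) => a.id === accountId);
    if (!account) {
      return json({ error: "Account not found" }, 404);
    }

    // Generate an id that is not already in use. `length + 1` on its own
    // collides as soon as any entry is ever removed from the array.
    let candidate = transactions.length + 1;
    while (transactions.some((t) => t.id === String(candidate))) {
      candidate += 1;
    }

    // NOTE(review): the spread keeps every property the client sent, not just
    // the `Transaction` fields (mass assignment). Replace it with an explicit
    // field pick once the Transaction shape is settled. A client-supplied
    // `id` is overridden because `id` is assigned after the spread.
    const newTransaction: Transaction = {
      ...(raw as Omit<Transaction, "id">),
      amount,
      id: String(candidate),
    };

    account.balance += amount;
    transactions.push(newTransaction);

    return json(newTransaction, 201);
  } catch {
    // JSON parse failure (or any unexpected error) — reported as a bad body,
    // matching the original behaviour; nothing is logged yet (see TODOs).
    return json({ error: "Invalid request body" }, 400);
  }
};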