npm - @actual-app/sync-server - Versions diffs - 25.4.0-alpha.0 - Mend

@actual-app/sync-server 25.4.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/.dockerignore +12 -0
package/README.md +19 -0
package/app.js +11 -0
package/babel.config.json +3 -0
package/bin/@actual-app/sync-server +55 -0
package/docker/alpine.Dockerfile +62 -0
package/docker/ubuntu.Dockerfile +63 -0
package/docker-compose.yml +29 -0
package/jest.config.json +19 -0
package/jest.global-setup.js +101 -0
package/jest.global-teardown.js +6 -0
package/migrations/1694360000000-create-folders.js +25 -0
package/migrations/1694360479680-create-account-db.js +30 -0
package/migrations/1694362247011-create-secret-table.js +16 -0
package/migrations/1702667624000-rename-nordigen-secrets.js +19 -0
package/migrations/1718889148000-openid.js +41 -0
package/migrations/1719409568000-multiuser.js +116 -0
package/package.json +64 -0
package/src/account-db.js +239 -0
package/src/accounts/openid.js +361 -0
package/src/accounts/password.js +149 -0
package/src/app-account.js +155 -0
package/src/app-admin.js +410 -0
package/src/app-admin.test.js +381 -0
package/src/app-gocardless/README.md +198 -0
package/src/app-gocardless/app-gocardless.js +274 -0
package/src/app-gocardless/bank-factory.js +91 -0
package/src/app-gocardless/banks/abanca_caglesmm.js +22 -0
package/src/app-gocardless/banks/abnamro_abnanl2a.js +57 -0
package/src/app-gocardless/banks/american_express_aesudef1.js +40 -0
package/src/app-gocardless/banks/bancsabadell_bsabesbbb.js +31 -0
package/src/app-gocardless/banks/bank.interface.ts +51 -0
package/src/app-gocardless/banks/bank_of_ireland_b365_bofiie2d.js +39 -0
package/src/app-gocardless/banks/bankinter_bkbkesmm.js +24 -0
package/src/app-gocardless/banks/belfius_gkccbebb.js +17 -0
package/src/app-gocardless/banks/berliner_sparkasse_beladebexxx.js +61 -0
package/src/app-gocardless/banks/bnp_be_gebabebb.js +73 -0
package/src/app-gocardless/banks/cbc_cregbebb.js +34 -0
package/src/app-gocardless/banks/commerzbank_cobadeff.js +51 -0
package/src/app-gocardless/banks/danskebank_dabno22.js +39 -0
package/src/app-gocardless/banks/direkt_heladef1822.js +18 -0
package/src/app-gocardless/banks/easybank_bawaatww.js +50 -0
package/src/app-gocardless/banks/entercard_swednokk.js +40 -0
package/src/app-gocardless/banks/fortuneo_ftnofrp1xxx.js +46 -0
package/src/app-gocardless/banks/hype_hyeeit22.js +74 -0
package/src/app-gocardless/banks/ing_ingbrobu.js +70 -0
package/src/app-gocardless/banks/ing_ingddeff.js +47 -0
package/src/app-gocardless/banks/ing_pl_ingbplpw.js +46 -0
package/src/app-gocardless/banks/integration-bank.js +115 -0
package/src/app-gocardless/banks/isybank_itbbitmm.js +18 -0
package/src/app-gocardless/banks/kbc_kredbebb.js +33 -0
package/src/app-gocardless/banks/lhv-lhvbee22.js +36 -0
package/src/app-gocardless/banks/mbank_retail_brexplpw.js +56 -0
package/src/app-gocardless/banks/nationwide_naiagb21.js +46 -0
package/src/app-gocardless/banks/nbg_ethngraaxxx.js +51 -0
package/src/app-gocardless/banks/norwegian_xx_norwnok1.js +74 -0
package/src/app-gocardless/banks/revolut_revolt21.js +37 -0
package/src/app-gocardless/banks/sandboxfinance_sfin0000.js +28 -0
package/src/app-gocardless/banks/seb_kort_bank_ab.js +58 -0
package/src/app-gocardless/banks/seb_privat.js +29 -0
package/src/app-gocardless/banks/sparnord_spnodk22.js +24 -0
package/src/app-gocardless/banks/spk_karlsruhe_karsde66.js +61 -0
package/src/app-gocardless/banks/spk_marburg_biedenkopf_heladef1mar.js +30 -0
package/src/app-gocardless/banks/spk_worms_alzey_ried_malade51wor.js +19 -0
package/src/app-gocardless/banks/ssk_dusseldorf_dussdeddxxx.js +50 -0
package/src/app-gocardless/banks/swedbank_habalv22.js +47 -0
package/src/app-gocardless/banks/tests/abanca_caglesmm.spec.js +21 -0
package/src/app-gocardless/banks/tests/abnamro_abnanl2a.spec.js +61 -0
package/src/app-gocardless/banks/tests/bancsabadell_bsabesbbb.spec.js +53 -0
package/src/app-gocardless/banks/tests/belfius_gkccbebb.spec.js +22 -0
package/src/app-gocardless/banks/tests/cbc_cregbebb.spec.js +34 -0
package/src/app-gocardless/banks/tests/commerzbank_cobadeff.spec.js +110 -0
package/src/app-gocardless/banks/tests/easybank_bawaatww.spec.js +54 -0
package/src/app-gocardless/banks/tests/fortuneo_ftnofrp1xxx.spec.js +206 -0
package/src/app-gocardless/banks/tests/ing_ingddeff.spec.js +302 -0
package/src/app-gocardless/banks/tests/ing_pl_ingbplpw.spec.js +202 -0
package/src/app-gocardless/banks/tests/integration_bank.spec.js +158 -0
package/src/app-gocardless/banks/tests/kbc_kredbebb.spec.js +38 -0
package/src/app-gocardless/banks/tests/lhv-lhvbee22.spec.js +68 -0
package/src/app-gocardless/banks/tests/mbank_retail_brexplpw.spec.js +171 -0
package/src/app-gocardless/banks/tests/nationwide_naiagb21.spec.js +105 -0
package/src/app-gocardless/banks/tests/nbg_ethngraaxxx.spec.js +48 -0
package/src/app-gocardless/banks/tests/revolut_revolt21.spec.js +42 -0
package/src/app-gocardless/banks/tests/sandboxfinance_sfin0000.spec.js +133 -0
package/src/app-gocardless/banks/tests/spk_marburg_biedenkopf_heladef1mar.spec.js +256 -0
package/src/app-gocardless/banks/tests/ssk_dusseldorf_dussdeddxxx.spec.js +102 -0
package/src/app-gocardless/banks/tests/swedbank_habalv22.spec.js +57 -0
package/src/app-gocardless/banks/tests/virgin_nrnbgb22.spec.js +54 -0
package/src/app-gocardless/banks/util/extract-payeeName-from-remittanceInfo.js +36 -0
package/src/app-gocardless/banks/virgin_nrnbgb22.js +39 -0
package/src/app-gocardless/errors.js +84 -0
package/src/app-gocardless/gocardless-node.types.ts +497 -0
package/src/app-gocardless/gocardless.types.ts +93 -0
package/src/app-gocardless/link.html +18 -0
package/src/app-gocardless/services/gocardless-service.js +620 -0
package/src/app-gocardless/services/tests/fixtures.js +181 -0
package/src/app-gocardless/services/tests/gocardless-service.spec.js +537 -0
package/src/app-gocardless/tests/bank-factory.spec.js +20 -0
package/src/app-gocardless/tests/utils.spec.js +162 -0
package/src/app-gocardless/util/handle-error.js +16 -0
package/src/app-gocardless/utils.js +45 -0
package/src/app-openid.js +108 -0
package/src/app-pluggyai/app-pluggyai.js +215 -0
package/src/app-pluggyai/pluggyai-service.js +120 -0
package/src/app-secrets.js +61 -0
package/src/app-simplefin/app-simplefin.js +418 -0
package/src/app-sync/errors.js +13 -0
package/src/app-sync/services/files-service.js +243 -0
package/src/app-sync/tests/services/files-service.test.js +250 -0
package/src/app-sync/validation.js +77 -0
package/src/app-sync.js +391 -0
package/src/app-sync.test.js +877 -0
package/src/app.js +145 -0
package/src/config-types.ts +44 -0
package/src/db.js +58 -0
package/src/load-config.js +307 -0
package/src/migrations.js +36 -0
package/src/run-migrations.js +8 -0
package/src/scripts/disable-openid.js +44 -0
package/src/scripts/enable-openid.js +53 -0
package/src/scripts/health-check.js +23 -0
package/src/scripts/reset-password.js +51 -0
package/src/secrets.test.js +83 -0
package/src/services/secrets-service.js +94 -0
package/src/services/user-service.js +272 -0
package/src/sql/messages.sql +9 -0
package/src/sync-simple.js +95 -0
package/src/util/hash.js +5 -0
package/src/util/middlewares.js +62 -0
package/src/util/paths.js +13 -0
package/src/util/payee-name.js +45 -0
package/src/util/prompt.js +88 -0
package/src/util/title/index.js +59 -0
package/src/util/title/lower-case.js +93 -0
package/src/util/title/specials.js +21 -0
package/src/util/validate-user.js +68 -0
package/tsconfig.json +21 -0

package/src/app-secrets.js ADDED Viewed

@@ -0,0 +1,61 @@
+import express from 'express';
+import { getAccountDb, isAdmin } from './account-db.js';
+import { secretsService } from './services/secrets-service.js';
+import {
+  requestLoggerMiddleware,
+  validateSessionMiddleware,
+} from './util/middlewares.js';
+const app = express();
+export { app as handlers };
+app.use(express.json());
+app.use(requestLoggerMiddleware);
+app.use(validateSessionMiddleware);
+app.post('/', async (req, res) => {
+  let method;
+  try {
+    const result = getAccountDb().first(
+      'SELECT method FROM auth WHERE active = 1',
+    );
+    method = result?.method;
+  } catch (error) {
+    console.error('Failed to fetch auth method:', error);
+    return res.status(500).send({
+      status: 'error',
+      reason: 'database-error',
+      details: 'Failed to validate authentication method',
+    });
+  }
+  const { name, value } = req.body;
+  if (method === 'openid') {
+    const canSaveSecrets = isAdmin(res.locals.user_id);
+    if (!canSaveSecrets) {
+      res.status(403).send({
+        status: 'error',
+        reason: 'not-admin',
+        details: 'You have to be admin to set secrets',
+      });
+      return;
+    }
+  }
+  secretsService.set(name, value);
+  res.status(200).send({ status: 'ok' });
+});
+app.get('/:name', async (req, res) => {
+  const name = req.params.name;
+  const keyExists = secretsService.exists(name);
+  if (keyExists) {
+    res.sendStatus(204);
+  } else {
+    res.status(404).send('key not found');
+  }
+});

package/src/app-simplefin/app-simplefin.js ADDED Viewed

@@ -0,0 +1,418 @@
+import https from 'https';
+import express from 'express';
+import { handleError } from '../app-gocardless/util/handle-error.js';
+import { SecretName, secretsService } from '../services/secrets-service.js';
+import { requestLoggerMiddleware } from '../util/middlewares.js';
+const app = express();
+export { app as handlers };
+app.use(express.json());
+app.use(requestLoggerMiddleware);
+app.post(
+  '/status',
+  handleError(async (req, res) => {
+    const token = secretsService.get(SecretName.simplefin_token);
+    const configured = token != null && token !== 'Forbidden';
+    res.send({
+      status: 'ok',
+      data: {
+        configured,
+      },
+    });
+  }),
+);
+app.post(
+  '/accounts',
+  handleError(async (req, res) => {
+    let accessKey = secretsService.get(SecretName.simplefin_accessKey);
+    try {
+      if (accessKey == null || accessKey === 'Forbidden') {
+        const token = secretsService.get(SecretName.simplefin_token);
+        if (token == null || token === 'Forbidden') {
+          throw new Error('No token');
+        } else {
+          accessKey = await getAccessKey(token);
+          secretsService.set(SecretName.simplefin_accessKey, accessKey);
+          if (accessKey == null || accessKey === 'Forbidden') {
+            throw new Error('No access key');
+          }
+        }
+      }
+    } catch {
+      invalidToken(res);
+      return;
+    }
+    try {
+      const accounts = await getAccounts(accessKey, null, null, null, true);
+      res.send({
+        status: 'ok',
+        data: {
+          accounts: accounts.accounts,
+        },
+      });
+    } catch (e) {
+      serverDown(e, res);
+      return;
+    }
+  }),
+);
+app.post(
+  '/transactions',
+  handleError(async (req, res) => {
+    const { accountId, startDate } = req.body;
+    const accessKey = secretsService.get(SecretName.simplefin_accessKey);
+    if (accessKey == null || accessKey === 'Forbidden') {
+      invalidToken(res);
+      return;
+    }
+    if (Array.isArray(accountId) !== Array.isArray(startDate)) {
+      console.log({ accountId, startDate });
+      throw new Error(
+        'accountId and startDate must either both be arrays or both be strings',
+      );
+    }
+    if (Array.isArray(accountId) && accountId.length !== startDate.length) {
+      console.log({ accountId, startDate });
+      throw new Error('accountId and startDate arrays must be the same length');
+    }
+    const earliestStartDate = Array.isArray(startDate)
+      ? startDate.reduce((a, b) => (a < b ? a : b))
+      : startDate;
+    let results;
+    try {
+      results = await getTransactions(
+        accessKey,
+        Array.isArray(accountId) ? accountId : [accountId],
+        new Date(earliestStartDate),
+      );
+    } catch (e) {
+      if (e.message === 'Forbidden') {
+        invalidToken(res);
+      } else {
+        serverDown(e, res);
+      }
+      return;
+    }
+    let response = {};
+    if (Array.isArray(accountId)) {
+      for (let i = 0; i < accountId.length; i++) {
+        const id = accountId[i];
+        response[id] = getAccountResponse(results, id, new Date(startDate[i]));
+      }
+    } else {
+      response = getAccountResponse(results, accountId, new Date(startDate));
+    }
+    if (results.hasError) {
+      res.send({
+        status: 'ok',
+        data: !Array.isArray(accountId)
+          ? results.errors[accountId][0]
+          : {
+              ...response,
+              errors: results.errors,
+            },
+      });
+      return;
+    }
+    res.send({
+      status: 'ok',
+      data: response,
+    });
+  }),
+);
+function logAccountError(results, accountId, data) {
+  const errors = results.errors[accountId] || [];
+  errors.push(data);
+  results.errors[accountId] = errors;
+  results.hasError = true;
+}
+function getAccountResponse(results, accountId, startDate) {
+  const account =
+    !results?.accounts || results.accounts.find(a => a.id === accountId);
+  if (!account) {
+    console.log(
+      `The account "${accountId}" was not found. Here were the accounts returned:`,
+    );
+    if (results?.accounts) {
+      results.accounts.forEach(a => console.log(`${a.id} - ${a.org.name}`));
+    }
+    logAccountError(results, accountId, {
+      error_type: 'ACCOUNT_MISSING',
+      error_code: 'ACCOUNT_MISSING',
+      reason: `The account "${accountId}" was not found. Try unlinking and relinking the account.`,
+    });
+    return;
+  }
+  const needsAttention = results.sferrors.find(
+    e => e === `Connection to ${account.org.name} may need attention`,
+  );
+  if (needsAttention) {
+    logAccountError(results, accountId, {
+      error_type: 'ACCOUNT_NEEDS_ATTENTION',
+      error_code: 'ACCOUNT_NEEDS_ATTENTION',
+      reason:
+        'The account needs your attention at <a href="https://bridge.simplefin.org/auth/login">SimpleFIN</a>.',
+    });
+  }
+  const startingBalance = parseInt(account.balance.replace('.', ''));
+  const date = getDate(new Date(account['balance-date'] * 1000));
+  const balances = [
+    {
+      balanceAmount: {
+        amount: account.balance,
+        currency: account.currency,
+      },
+      balanceType: 'expected',
+      referenceDate: date,
+    },
+    {
+      balanceAmount: {
+        amount: account.balance,
+        currency: account.currency,
+      },
+      balanceType: 'interimAvailable',
+      referenceDate: date,
+    },
+  ];
+  const all = [];
+  const booked = [];
+  const pending = [];
+  for (const trans of account.transactions) {
+    const newTrans = {};
+    let dateToUse = 0;
+    if (trans.pending ?? trans.posted === 0) {
+      newTrans.booked = false;
+      dateToUse = trans.transacted_at;
+    } else {
+      newTrans.booked = true;
+      dateToUse = trans.posted;
+    }
+    const transactionDate = new Date(dateToUse * 1000);
+    if (transactionDate < startDate) {
+      continue;
+    }
+    newTrans.sortOrder = dateToUse;
+    newTrans.date = getDate(transactionDate);
+    newTrans.payeeName = trans.payee;
+    newTrans.notes = trans.description;
+    newTrans.transactionAmount = { amount: trans.amount, currency: 'USD' };
+    newTrans.transactionId = trans.id;
+    newTrans.valueDate = newTrans.bookingDate;
+    if (trans.transacted_at) {
+      newTrans.transactedDate = getDate(new Date(trans.transacted_at * 1000));
+    }
+    if (trans.posted) {
+      newTrans.postedDate = getDate(new Date(trans.posted * 1000));
+    }
+    if (newTrans.booked) {
+      booked.push(newTrans);
+    } else {
+      pending.push(newTrans);
+    }
+    all.push(newTrans);
+  }
+  const sortFunction = (a, b) => b.sortOrder - a.sortOrder;
+  const bookedSorted = booked.sort(sortFunction);
+  const pendingSorted = pending.sort(sortFunction);
+  const allSorted = all.sort(sortFunction);
+  return {
+    balances,
+    startingBalance,
+    transactions: {
+      all: allSorted,
+      booked: bookedSorted,
+      pending: pendingSorted,
+    },
+  };
+}
+function invalidToken(res) {
+  res.send({
+    status: 'ok',
+    data: {
+      error_type: 'INVALID_ACCESS_TOKEN',
+      error_code: 'INVALID_ACCESS_TOKEN',
+      status: 'rejected',
+      reason:
+        'Invalid SimpleFIN access token.  Reset the token and re-link any broken accounts.',
+    },
+  });
+}
+function serverDown(e, res) {
+  console.log(e);
+  res.send({
+    status: 'ok',
+    data: {
+      error_type: 'SERVER_DOWN',
+      error_code: 'SERVER_DOWN',
+      status: 'rejected',
+      reason: 'There was an error communicating with SimpleFIN.',
+    },
+  });
+}
+function parseAccessKey(accessKey) {
+  let scheme = null;
+  let rest = null;
+  let auth = null;
+  let username = null;
+  let password = null;
+  let baseUrl = null;
+  if (!accessKey || !accessKey.match(/^.*\/\/.*:.*@.*$/)) {
+    console.log(`Invalid SimpleFIN access key: ${accessKey}`);
+    throw new Error(`Invalid access key`);
+  }
+  [scheme, rest] = accessKey.split('//');
+  [auth, rest] = rest.split('@');
+  [username, password] = auth.split(':');
+  baseUrl = `${scheme}//${rest}`;
+  return {
+    baseUrl,
+    username,
+    password,
+  };
+}
+async function getAccessKey(base64Token) {
+  const token = Buffer.from(base64Token, 'base64').toString();
+  const options = {
+    method: 'POST',
+    port: 443,
+    headers: { 'Content-Length': 0 },
+  };
+  return new Promise((resolve, reject) => {
+    const req = https.request(new URL(token), options, res => {
+      res.on('data', d => {
+        resolve(d.toString());
+      });
+    });
+    req.on('error', e => {
+      reject(e);
+    });
+    req.end();
+  });
+}
+async function getTransactions(accessKey, accounts, startDate, endDate) {
+  const now = new Date();
+  startDate = startDate || new Date(now.getFullYear(), now.getMonth(), 1);
+  endDate = endDate || new Date(now.getFullYear(), now.getMonth() + 1, 1);
+  console.log(`${getDate(startDate)} - ${getDate(endDate)}`);
+  return await getAccounts(accessKey, accounts, startDate, endDate);
+}
+function getDate(date) {
+  return date.toISOString().split('T')[0];
+}
+function normalizeDate(date) {
+  return (date.valueOf() - date.getTimezoneOffset() * 60 * 1000) / 1000;
+}
+async function getAccounts(
+  accessKey,
+  accounts,
+  startDate,
+  endDate,
+  noTransactions = false,
+) {
+  const sfin = parseAccessKey(accessKey);
+  const options = {
+    headers: {
+      Authorization: `Basic ${Buffer.from(
+        `${sfin.username}:${sfin.password}`,
+      ).toString('base64')}`,
+    },
+  };
+  const params = [];
+  if (!noTransactions) {
+    if (startDate) {
+      params.push(`start-date=${normalizeDate(startDate)}`);
+    }
+    if (endDate) {
+      params.push(`end-date=${normalizeDate(endDate)}`);
+    }
+    params.push(`pending=1`);
+  } else {
+    params.push(`balances-only=1`);
+  }
+  if (accounts) {
+    accounts.forEach(id => {
+      params.push(`account=${encodeURIComponent(id)}`);
+    });
+  }
+  let queryString = '';
+  if (params.length > 0) {
+    queryString += '?' + params.join('&');
+  }
+  return new Promise((resolve, reject) => {
+    const req = https.request(
+      new URL(`${sfin.baseUrl}/accounts${queryString}`),
+      options,
+      res => {
+        let data = '';
+        res.on('data', d => {
+          data += d;
+        });
+        res.on('end', () => {
+          if (res.statusCode === 403) {
+            reject(new Error('Forbidden'));
+          } else {
+            try {
+              const results = JSON.parse(data);
+              results.sferrors = results.errors;
+              results.hasError = false;
+              results.errors = {};
+              resolve(results);
+            } catch (e) {
+              console.log(`Error parsing JSON response: ${data}`);
+              reject(e);
+            }
+          }
+        });
+      },
+    );
+    req.on('error', e => {
+      reject(e);
+    });
+    req.end();
+  });
+}

package/src/app-sync/errors.js ADDED Viewed

@@ -0,0 +1,13 @@
+export class FileNotFound extends Error {
+  constructor(params = {}) {
+    super("File does not exist or you don't have access to it");
+    this.details = params;
+  }
+}
+export class GenericFileError extends Error {
+  constructor(message, params = {}) {
+    super(message);
+    this.details = params;
+  }
+}