create-ishvexa-app 1.0.0

package/templates/sfms-app/backend-mongodb/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "sfms-backend-mongodb",
+  "version": "1.0.0",
+  "description": "SFMS API — Express + MongoDB",
+  "type": "module",
+  "main": "src/server.js",
+  "scripts": {
+    "start": "node src/server.js",
+    "dev": "nodemon src/server.js"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
+    "express": "^4.21.0",
+    "jsonwebtoken": "^9.0.2",
+    "mongoose": "^8.7.0",
+    "nodemon": "^3.1.14"
+  }
+}

package/templates/sfms-app/backend-mongodb/src/config/database.js

@@ -0,0 +1,7 @@
+import mongoose from 'mongoose';
+
+export async function connectMongo(uri) {
+  mongoose.set('strictQuery', true);
+  await mongoose.connect(uri);
+  return mongoose.connection;
+}

package/templates/sfms-app/backend-mongodb/src/config/env.js

@@ -0,0 +1,35 @@
+/** Central env with fallbacks (||) so missing vars degrade to safe defaults where possible. */
+
+const DEFAULT_BACKEND_PORT = 5000;
+
+function parsePort(raw, fallback) {
+  const n = Number(raw);
+  return Number.isFinite(n) && n > 0 ? n : fallback;
+}
+
+export const env = {
+  port: parsePort(
+    process.env.PORT || process.env.SFMS_BACKEND_PORT,
+    DEFAULT_BACKEND_PORT
+  ),
+  mongodbUri:
+    process.env.MONGODB_URI?.trim() ||
+    process.env.MONGO_URL?.trim() ||
+    process.env.DATABASE_URL?.trim() ||
+    '',
+  jwtSecret:
+    process.env.JWT_SECRET?.trim() ||
+    process.env.JWT_INGUFU?.trim() ||
+    '',
+  nodeEnv: process.env.NODE_ENV || 'development',
+};
+
+export function requireMongoUri() {
+  if (!env.mongodbUri) {
+    console.error(
+      'Missing MongoDB connection string. Set MONGODB_URI (or MONGO_URL / DATABASE_URL) in .env'
+    );
+    process.exit(1);
+  }
+  return env.mongodbUri;
+}

package/templates/sfms-app/backend-mongodb/src/middleware/authMiddleware.js

@@ -0,0 +1,32 @@
+import jwt from 'jsonwebtoken';
+import { env } from '../config/env.js';
+import { User } from '../models/User.js';
+
+function jwtSecret() {
+  return env.jwtSecret;
+}
+
+/** Validates Bearer JWT and attaches req.user */
+export async function protect(req, res, next) {
+  const header = req.headers.authorization;
+  const token = header?.startsWith('Bearer ') ? header.slice(7) : null;
+
+  if (!token) {
+    return res.status(401).json({ message: 'No token provided' });
+  }
+
+  try {
+    const secret = jwtSecret();
+    if (!secret) throw new Error('JWT_SECRET missing');
+
+    const payload = jwt.verify(token, secret);
+    const user = await User.findById(payload.id);
+    if (!user) {
+      return res.status(401).json({ message: 'User not found' });
+    }
+    req.user = { id: String(user._id), role: user.role };
+    next();
+  } catch {
+    return res.status(401).json({ message: 'Invalid or expired token' });
+  }
+}

package/templates/sfms-app/backend-mongodb/src/models/Payment.js

@@ -0,0 +1,12 @@
+import mongoose from 'mongoose';
+
+const paymentSchema = new mongoose.Schema(
+  {
+    student: { type: mongoose.Schema.Types.ObjectId, ref: 'Student', required: true },
+    amount: { type: Number, required: true, min: 0 },
+    paymentDate: { type: Date, required: true },
+  },
+  { timestamps: { createdAt: 'created_at', updatedAt: false } }
+);
+
+export const Payment = mongoose.model('Payment', paymentSchema);

package/templates/sfms-app/backend-mongodb/src/models/Student.js

@@ -0,0 +1,12 @@
+import mongoose from 'mongoose';
+
+const studentSchema = new mongoose.Schema(
+  {
+    fullName: { type: String, required: true, trim: true },
+    className: { type: String, required: true, trim: true },
+    parentPhone: { type: String, required: true, trim: true },
+  },
+  { timestamps: { createdAt: 'created_at', updatedAt: false } }
+);
+
+export const Student = mongoose.model('Student', studentSchema);

package/templates/sfms-app/backend-mongodb/src/models/User.js

@@ -0,0 +1,14 @@
+import mongoose from 'mongoose';
+
+const userSchema = new mongoose.Schema(
+  {
+    username: { type: String, required: true, unique: true, trim: true },
+    name: { type: String, required: true, trim: true },
+    email: { type: String, required: true, unique: true, lowercase: true, trim: true },
+    password: { type: String, required: true, minlength: 6, select: false },
+    role: { type: String, enum: ['admin', 'staff'], default: 'admin' },
+  },
+  { timestamps: { createdAt: 'created_at', updatedAt: false } }
+);
+
+export const User = mongoose.model('User', userSchema);

package/templates/sfms-app/backend-mongodb/src/routes/authRoutes.js

@@ -0,0 +1,140 @@
+import { Router } from 'express';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import { env } from '../config/env.js';
+import { User } from '../models/User.js';
+
+const router = Router();
+
+const normalizeEmail = (email) => String(email || '').trim().toLowerCase();
+
+function jwtSecret() {
+  return env.jwtSecret;
+}
+
+function signToken(user) {
+  const secret = jwtSecret();
+  if (!secret) throw new Error('JWT_SECRET');
+  return jwt.sign({ id: String(user._id), role: user.role }, secret, { expiresIn: '7d' });
+}
+
+router.post('/register', async (req, res) => {
+  try {
+    const { username, email, password, role } = req.body;
+    if (!username || !email || !password) {
+      return res.status(400).json({ message: 'Username, email and password are required' });
+    }
+    if (String(password).length < 6) {
+      return res.status(400).json({ message: 'Password must be at least 6 characters' });
+    }
+
+    const usernameNorm = String(username).trim();
+    const emailNorm = normalizeEmail(email);
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(emailNorm)) {
+      return res.status(400).json({ message: 'Enter a valid email address.' });
+    }
+
+    const existingUser = await User.findOne({ username: usernameNorm });
+    if (existingUser) {
+      return res.status(409).json({ message: 'Username already exists' });
+    }
+    const exists = await User.findOne({ email: emailNorm });
+    if (exists) {
+      return res.status(409).json({ message: 'Email already registered' });
+    }
+
+    const hash = await bcrypt.hash(String(password), 12);
+    const user = await User.create({
+      username: usernameNorm,
+      name: usernameNorm,
+      email: emailNorm,
+      password: hash,
+      role: role === 'staff' ? 'staff' : 'admin',
+    });
+
+    const token = signToken(user);
+    return res.status(201).json({
+      token,
+      user: {
+        id: user._id,
+        username: user.username,
+        name: user.name,
+        email: user.email,
+        role: user.role,
+        created_at: user.created_at,
+      },
+    });
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Registration failed' });
+  }
+});
+
+router.post('/login', async (req, res) => {
+  try {
+    const { username, password } = req.body;
+    if (!username || !password) {
+      return res.status(400).json({ message: 'Username and password are required' });
+    }
+
+    const user = await User.findOne({ username: String(username).trim() }).select('+password');
+    if (!user) {
+      return res.status(401).json({ message: 'Invalid credentials' });
+    }
+
+    const match = await bcrypt.compare(String(password), user.password);
+    if (!match) {
+      return res.status(401).json({ message: 'Invalid credentials' });
+    }
+
+    const token = signToken(user);
+    return res.json({
+      token,
+      user: {
+        id: user._id,
+        username: user.username,
+        name: user.name,
+        email: user.email,
+        role: user.role,
+        created_at: user.created_at,
+      },
+    });
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Login failed' });
+  }
+});
+
+router.post('/forgot-password', async (req, res) => {
+  try {
+    const { email, newPassword, confirmPassword } = req.body;
+    if (!email) {
+      return res.status(400).json({ success: false, message: 'Email is required.' });
+    }
+    if (!newPassword) {
+      return res.status(400).json({ success: false, message: 'New password is required.' });
+    }
+    if (!confirmPassword) {
+      return res.status(400).json({ success: false, message: 'Confirm password is required.' });
+    }
+    if (newPassword !== confirmPassword) {
+      return res.status(400).json({
+        success: false,
+        message: 'New password and confirm password must match.',
+      });
+    }
+    const emailNorm = normalizeEmail(email);
+    const user = await User.findOne({ email: emailNorm }).select('+password');
+    if (!user) {
+      return res.status(404).json({ success: false, message: 'User not found' });
+    }
+    user.password = await bcrypt.hash(String(newPassword), 12);
+    await user.save();
+    return res.json({ success: true, message: 'Password reset successfully' });
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ success: false, message: 'Server error.' });
+  }
+});
+
+export default router;

package/templates/sfms-app/backend-mongodb/src/routes/paymentRoutes.js

@@ -0,0 +1,117 @@
+import { Router } from 'express';
+import mongoose from 'mongoose';
+import { Payment } from '../models/Payment.js';
+import { Student } from '../models/Student.js';
+import { protect } from '../middleware/authMiddleware.js';
+
+const router = Router();
+router.use(protect);
+
+function toApi(doc) {
+  if (!doc) return null;
+  const o = doc.toObject ? doc.toObject() : doc;
+  const st = o.student && typeof o.student === 'object' ? o.student : null;
+  return {
+    id: o._id,
+    student_id: o.student?._id ?? o.student,
+    amount: o.amount,
+    payment_date: o.paymentDate?.toISOString?.().slice(0, 10) ?? o.paymentDate,
+    created_at: o.created_at,
+    student: st
+      ? {
+          id: st._id,
+          full_name: st.fullName,
+          class: st.className,
+          parent_phone: st.parentPhone,
+        }
+      : undefined,
+  };
+}
+
+router.get('/', async (req, res) => {
+  try {
+    const rows = await Payment.find()
+      .populate('student', 'fullName className parentPhone')
+      .sort({ paymentDate: -1 });
+    return res.json(rows.map(toApi));
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to list payments' });
+  }
+});
+
+router.post('/', async (req, res) => {
+  try {
+    const { student_id, amount, payment_date } = req.body;
+    if (!student_id || amount === undefined || amount === null || !payment_date) {
+      return res.status(400).json({ message: 'Student, amount and payment date are required' });
+    }
+    if (!mongoose.Types.ObjectId.isValid(student_id)) {
+      return res.status(400).json({ message: 'Invalid student id' });
+    }
+    const student = await Student.findById(student_id);
+    if (!student) return res.status(404).json({ message: 'Student not found' });
+
+    const num = Number(amount);
+    if (Number.isNaN(num) || num < 0) {
+      return res.status(400).json({ message: 'Amount must be a valid non-negative number' });
+    }
+
+    const payment = await Payment.create({
+      student: student_id,
+      amount: num,
+      paymentDate: new Date(payment_date),
+    });
+    await payment.populate('student', 'fullName className parentPhone');
+    return res.status(201).json(toApi(payment));
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to create payment' });
+  }
+});
+
+router.put('/:id', async (req, res) => {
+  try {
+    const { student_id, amount, payment_date } = req.body;
+    const patch = {};
+    if (student_id !== undefined) {
+      if (!mongoose.Types.ObjectId.isValid(student_id)) {
+        return res.status(400).json({ message: 'Invalid student id' });
+      }
+      const student = await Student.findById(student_id);
+      if (!student) return res.status(404).json({ message: 'Student not found' });
+      patch.student = student_id;
+    }
+    if (amount !== undefined) {
+      const num = Number(amount);
+      if (Number.isNaN(num) || num < 0) {
+        return res.status(400).json({ message: 'Amount must be a valid non-negative number' });
+      }
+      patch.amount = num;
+    }
+    if (payment_date !== undefined) patch.paymentDate = new Date(payment_date);
+
+    const payment = await Payment.findByIdAndUpdate(req.params.id, patch, {
+      new: true,
+      runValidators: true,
+    }).populate('student', 'fullName className parentPhone');
+    if (!payment) return res.status(404).json({ message: 'Payment not found' });
+    return res.json(toApi(payment));
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to update payment' });
+  }
+});
+
+router.delete('/:id', async (req, res) => {
+  try {
+    const payment = await Payment.findByIdAndDelete(req.params.id);
+    if (!payment) return res.status(404).json({ message: 'Payment not found' });
+    return res.json({ message: 'Deleted', id: req.params.id });
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to delete' });
+  }
+});
+
+export default router;

package/templates/sfms-app/backend-mongodb/src/routes/reportRoutes.js

@@ -0,0 +1,59 @@
+import { Router } from 'express';
+import { Payment } from '../models/Payment.js';
+import { protect } from '../middleware/authMiddleware.js';
+
+const router = Router();
+router.use(protect);
+
+function toApi(doc) {
+  const o = doc.toObject ? doc.toObject() : doc;
+  const st = o.student && typeof o.student === 'object' ? o.student : null;
+  return {
+    id: o._id,
+    student_id: o.student?._id ?? o.student,
+    amount: o.amount,
+    payment_date: o.paymentDate?.toISOString?.().slice(0, 10) ?? o.paymentDate,
+    created_at: o.created_at,
+    student: st
+      ? { id: st._id, full_name: st.fullName, class: st.className }
+      : undefined,
+  };
+}
+
+router.get('/', async (req, res) => {
+  try {
+    const { start, end } = req.query;
+    if (!start || !end) {
+      return res.status(400).json({ message: 'Query params start and end (yyyy-mm-dd) are required' });
+    }
+
+    const startDate = new Date(String(start));
+    const endDate = new Date(String(end));
+    if (Number.isNaN(startDate.getTime()) || Number.isNaN(endDate.getTime())) {
+      return res.status(400).json({ message: 'Invalid date format; use yyyy-mm-dd' });
+    }
+
+    // Iherezo ry'itariki: umunsi wuzura (intera ndangagaciro)
+    endDate.setHours(23, 59, 59, 999);
+
+    const rows = await Payment.find({
+      paymentDate: { $gte: startDate, $lte: endDate },
+    })
+      .populate('student', 'fullName className')
+      .sort({ paymentDate: -1 });
+
+    const total = rows.reduce((sum, row) => sum + (row.amount || 0), 0);
+
+    return res.json({
+      start: String(start),
+      end: String(end),
+      payments: rows.map(toApi),
+      total_amount_paid: total,
+    });
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to build report' });
+  }
+});
+
+export default router;

package/templates/sfms-app/backend-mongodb/src/routes/studentRoutes.js

@@ -0,0 +1,79 @@
+import { Router } from 'express';
+import { Student } from '../models/Student.js';
+import { protect } from '../middleware/authMiddleware.js';
+
+const router = Router();
+router.use(protect);
+
+function toApi(doc) {
+  if (!doc) return null;
+  const o = doc.toObject ? doc.toObject() : doc;
+  return {
+    id: o._id,
+    full_name: o.fullName,
+    class: o.className,
+    parent_phone: o.parentPhone,
+    created_at: o.created_at,
+  };
+}
+
+router.get('/', async (req, res) => {
+  try {
+    const rows = await Student.find().sort({ created_at: -1 });
+    return res.json(rows.map(toApi));
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to list students' });
+  }
+});
+
+router.post('/', async (req, res) => {
+  try {
+    const { full_name, class: className, parent_phone } = req.body;
+    if (!full_name || !className || !parent_phone) {
+      return res.status(400).json({ message: 'Full name, class and parent phone are required' });
+    }
+    const student = await Student.create({
+      fullName: String(full_name).trim(),
+      className: String(className).trim(),
+      parentPhone: String(parent_phone).trim(),
+    });
+    return res.status(201).json(toApi(student));
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to create student' });
+  }
+});
+
+router.put('/:id', async (req, res) => {
+  try {
+    const { full_name, class: className, parent_phone } = req.body;
+    const patch = {};
+    if (full_name !== undefined) patch.fullName = String(full_name).trim();
+    if (className !== undefined) patch.className = String(className).trim();
+    if (parent_phone !== undefined) patch.parentPhone = String(parent_phone).trim();
+
+    const student = await Student.findByIdAndUpdate(req.params.id, patch, {
+      new: true,
+      runValidators: true,
+    });
+    if (!student) return res.status(404).json({ message: 'Student not found' });
+    return res.json(toApi(student));
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to update student' });
+  }
+});
+
+router.delete('/:id', async (req, res) => {
+  try {
+    const student = await Student.findByIdAndDelete(req.params.id);
+    if (!student) return res.status(404).json({ message: 'Student not found' });
+    return res.json({ message: 'Deleted', id: req.params.id });
+  } catch (err) {
+    console.error(err);
+    return res.status(500).json({ message: 'Failed to delete' });
+  }
+});
+
+export default router;

package/templates/sfms-app/backend-mongodb/src/server.js

@@ -0,0 +1,34 @@
+import 'dotenv/config';
+import express from 'express';
+import cors from 'cors';
+import { env, requireMongoUri } from './config/env.js';
+import { connectMongo } from './config/database.js';
+import authRoutes from './routes/authRoutes.js';
+import studentRoutes from './routes/studentRoutes.js';
+import paymentRoutes from './routes/paymentRoutes.js';
+import reportRoutes from './routes/reportRoutes.js';
+
+const app = express();
+
+app.use(cors({ origin: true, credentials: true }));
+app.use(express.json());
+
+app.get('/api/health', (req, res) => {
+  res.json({ ok: true, app: 'SFMS' });
+});
+
+app.use('/api/auth', authRoutes);
+app.use('/api/students', studentRoutes);
+app.use('/api/payments', paymentRoutes);
+app.use('/api/reports', reportRoutes);
+
+app.use((req, res) => {
+  res.status(404).json({ message: 'Not found' });
+});
+
+await connectMongo(requireMongoUri());
+console.log('Database Connected Successfully');
+
+app.listen(env.port, () => {
+  console.log(`Server listening on http://localhost:${env.port}`);
+});

package/templates/sfms-app/backend-mysql/.env

@@ -0,0 +1,7 @@
+PORT=5000
+DB_HOST=localhost
+DB_USER=student
+DB_PASSWORD=
+DB_NAME=SFMS
+DB_PORT=3306
+JWT_SECRET=change-me-in-production

package/templates/sfms-app/backend-mysql/.env.example

@@ -0,0 +1,7 @@
+PORT=5000
+DB_HOST=localhost
+DB_USER=student
+DB_PASSWORD=
+DB_NAME=SFMS
+DB_PORT=3306
+JWT_SECRET=change-me-in-production

package/templates/sfms-app/backend-mysql/database/schema.sql

@@ -0,0 +1,29 @@
+CREATE DATABASE IF NOT EXISTS SFMS;
+USE SFMS;
+
+CREATE TABLE IF NOT EXISTS users (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  username VARCHAR(50) NOT NULL UNIQUE,
+  name VARCHAR(120) NOT NULL,
+  email VARCHAR(120) NOT NULL UNIQUE,
+  password VARCHAR(255) NOT NULL,
+  role ENUM('admin', 'staff') NOT NULL DEFAULT 'admin',
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS students (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  full_name VARCHAR(120) NOT NULL,
+  class_name VARCHAR(60) NOT NULL,
+  parent_phone VARCHAR(30) NOT NULL,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS payments (
+  id INT AUTO_INCREMENT PRIMARY KEY,
+  student_id INT NOT NULL,
+  amount DECIMAL(12, 2) NOT NULL,
+  payment_date DATE NOT NULL,
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  FOREIGN KEY (student_id) REFERENCES students(id) ON DELETE RESTRICT
+);