npm - create-vrrsystem-app - Versions diffs - 1.0.0 - Mend

create-vrrsystem-app 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/bin/index.js ADDED Viewed

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+const fs = require("fs-extra");
+const path = require("path");
+const projectName = process.argv[2];
+if (!projectName) {
+  console.log("Please provide project name");
+  process.exit(1);
+}
+const templateDir = path.join(
+  __dirname,
+  "../templates/VehicleRentalReservationSystem"
+);
+const targetDir = path.join(process.cwd(), projectName);
+fs.copySync(templateDir, targetDir);
+console.log("");
+console.log(" Project created successfully!");
+console.log(`📁 ${projectName}`);
+console.log("");
+console.log("Next steps:");
+console.log(`cd ${projectName}`);
+console.log("cd backend-project && npm install");
+console.log("cd frontend-project && npm install");
+console.log("");

package/package.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "name": "create-vrrsystem-app",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "bin": {
+    "create-vrrs-app": "bin/index.js"
+  },
+  "files": [
+    "bin",
+    "templates"
+  ],
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "react",
+    "nodejs",
+    "mongodb",
+    "vrr",
+    "vehicle-rental"
+  ],
+  "author": "Teta",
+  "license": "MIT",
+  "type": "commonjs",
+  "dependencies": {
+    "fs-extra": "^11.3.5"
+  }
+}

package/templates/VehicleRentalReservationSystem/Documentation/API.md ADDED Viewed

@@ -0,0 +1,57 @@
+# API Documentation
+Base URL: `http://localhost:5000/api`
+All endpoints (except `/auth/login`, `/auth/register`, `/auth/refresh`) require:
+```
+Authorization: Bearer <accessToken>
+```
+## Auth
+### POST /auth/login
+Body:
+```json
+{ "username": "admin", "password": "admin123" }
+```
+Response:
+```json
+{
+  "user": { "_id": "...", "username": "admin", "role": "ADMIN" },
+  "accessToken": "...",
+  "refreshToken": "..."
+}
+```
+### POST /auth/register
+Body: `{ username, password, fullName?, email?, role? }`
+### POST /auth/refresh
+Body: `{ refreshToken }`
+## Customers
+- `GET /customers?search=&page=1&limit=10`
+- `POST /customers` — `{ fullName, nationalId, phone, email, address }`
+- `PUT /customers/:id`
+- `DELETE /customers/:id` (ADMIN)
+## Vehicles
+- `GET /vehicles?search=&status=AVAILABLE&page=1&limit=10`
+- `POST /vehicles` (ADMIN) — `{ plateNumber, brand, model, year, vehicleType, purchasePrice, dailyRate }`
+## Reservations
+- `GET /reservations?status=PENDING`
+- `POST /reservations` — `{ customerId, vehicleId, startDate, endDate }`
+- `PATCH /reservations/:id/approve`  (ADMIN/MANAGER)
+- `PATCH /reservations/:id/reject`   (ADMIN/MANAGER)
+- `PATCH /reservations/:id/pickup`   (ADMIN/STAFF)
+- `PATCH /reservations/:id/return`   (ADMIN/STAFF)
+## Reports
+- `GET /reports?period=monthly` — period ∈ `daily|weekly|monthly|yearly|all`
+- Returns: `{ period, from, to, count, totalRevenue, rows[] }`
+## Dashboard
+- `GET /dashboard` — full stats payload
+## Users (ADMIN)
+- `GET/POST/PUT/DELETE /users[/:id]`

package/templates/VehicleRentalReservationSystem/Documentation/DFD.md ADDED Viewed

@@ -0,0 +1,62 @@
+# Data Flow Diagram (DFD)
+## External Entities
+- **Customer** — provides personal info, requests reservations
+- **Staff** — creates reservations, performs pickup/return
+- **Manager** — approves/rejects, reviews reports
+- **Admin** — manages users and master data
+## Data Stores
+- D1: Customers
+- D2: Vehicles
+- D3: Reservations / Rentals
+- D4: Users
+## Context Diagram (Level 0 — single process)
+```mermaid
+flowchart LR
+    C[Customer] -->|Reservation Request| VRS((Vehicle Rental & Reservation System))
+    S[Staff] -->|Customer & Reservation Data| VRS
+    M[Manager] -->|Approvals / Report Requests| VRS
+    A[Admin] -->|User & Master Data Mgmt| VRS
+    VRS -->|Receipts / Confirmations| C
+    VRS -->|Operational Lists| S
+    VRS -->|Reports / Analytics| M
+    VRS -->|System Configurations| A
+```
+## Level 0 DFD (decomposition)
+```mermaid
+flowchart TB
+    C[Customer] --> P1[1.0 Manage Customers]
+    S[Staff] --> P1
+    P1 <--> D1[(D1 Customers)]
+    A[Admin] --> P2[2.0 Manage Vehicles]
+    P2 <--> D2[(D2 Vehicles)]
+    S --> P3[3.0 Manage Reservations]
+    P3 <--> D1
+    P3 <--> D2
+    P3 <--> D3[(D3 Reservations/Rentals)]
+    S --> P4[4.0 Manage Rentals]
+    P4 <--> D2
+    P4 <--> D3
+    M[Manager] --> P5[5.0 Approvals]
+    P5 <--> D3
+    M --> P6[6.0 Reports & Analytics]
+    P6 <--> D1
+    P6 <--> D2
+    P6 <--> D3
+    A --> P7[7.0 Manage Users]
+    P7 <--> D4[(D4 Users)]
+    P6 -->|PDF / Excel / CSV| M
+    P3 -->|Confirmation| C
+```

package/templates/VehicleRentalReservationSystem/Documentation/ERD.md ADDED Viewed

@@ -0,0 +1,109 @@
+# Entity Relationship Diagram (ERD)
+## Entities
+### CUSTOMER
+| Field        | Type    | Key |
+|--------------|---------|-----|
+| customerId   | ObjectId| PK  |
+| fullName     | String  |     |
+| nationalId   | String  | UQ  |
+| phone        | String  |     |
+| email        | String  |     |
+| address      | String  |     |
+### VEHICLE
+| Field         | Type     | Key |
+|---------------|----------|-----|
+| vehicleId     | ObjectId | PK  |
+| plateNumber   | String   | UQ  |
+| brand         | String   |     |
+| model         | String   |     |
+| year          | Number   |     |
+| vehicleType   | String   |     |
+| purchasePrice | Number   |     |
+| dailyRate     | Number   |     |
+| status        | Enum     |     |
+### RESERVATION_RENTAL
+| Field               | Type     | Key       |
+|---------------------|----------|-----------|
+| reservationRentalId | ObjectId | PK        |
+| customerId          | ObjectId | FK→CUSTOMER|
+| vehicleId           | ObjectId | FK→VEHICLE |
+| userId              | ObjectId | FK→USERS   |
+| reservationDate     | Date     |           |
+| startDate           | Date     |           |
+| endDate             | Date     |           |
+| reservationStatus   | Enum     |           |
+| rentalDate          | Date     |           |
+| returnDate          | Date     |           |
+| rentalFee           | Number   |           |
+| rentalStatus        | Enum     |           |
+### USERS
+| Field    | Type     | Key |
+|----------|----------|-----|
+| userId   | ObjectId | PK  |
+| username | String   | UQ  |
+| password | String   |     |
+| role     | Enum     |     |
+## Cardinalities
+- CUSTOMER (1) ──< (N) RESERVATION_RENTAL
+- VEHICLE  (1) ──< (N) RESERVATION_RENTAL
+- USERS    (1) ──< (N) RESERVATION_RENTAL
+## Mermaid ERD
+```mermaid
+erDiagram
+    CUSTOMER ||--o{ RESERVATION_RENTAL : "places"
+    VEHICLE  ||--o{ RESERVATION_RENTAL : "is reserved in"
+    USERS    ||--o{ RESERVATION_RENTAL : "creates"
+    CUSTOMER {
+        ObjectId customerId PK
+        string fullName
+        string nationalId UK
+        string phone
+        string email
+        string address
+    }
+    VEHICLE {
+        ObjectId vehicleId PK
+        string plateNumber UK
+        string brand
+        string model
+        int year
+        string vehicleType
+        float purchasePrice
+        float dailyRate
+        string status
+    }
+    RESERVATION_RENTAL {
+        ObjectId reservationRentalId PK
+        ObjectId customerId FK
+        ObjectId vehicleId FK
+        ObjectId userId FK
+        date reservationDate
+        date startDate
+        date endDate
+        string reservationStatus
+        date rentalDate
+        date returnDate
+        float rentalFee
+        string rentalStatus
+    }
+    USERS {
+        ObjectId userId PK
+        string username UK
+        string password
+        string role
+    }
+```
+## Draw.io compatible (text)
+Use Draw.io → Extras → Edit Diagram with the Mermaid snippet above (Draw.io supports Mermaid import directly).

package/templates/VehicleRentalReservationSystem/Documentation/Installation.md ADDED Viewed

@@ -0,0 +1,40 @@
+# Installation Guide
+## Requirements
+- Node.js ≥ 18
+- npm ≥ 9
+- MongoDB ≥ 6 (running on `mongodb://localhost:27017`)
+## Backend
+```bash
+cd backend-project
+npm install
+# .env is already created from .env.example
+npm run seed     # seed DB (users + customers + vehicles + reservations)
+npm run dev      # http://localhost:5000
+```
+## Frontend
+```bash
+cd frontend-project
+npm install
+npm run dev      # http://localhost:5173
+```
+## Login
+- admin / admin123
+- manager / manager123
+- staff / staff123
+## MongoDB Setup
+- Install MongoDB Community Server (https://www.mongodb.com/try/download/community)
+- Start the service:
+  - macOS: `brew services start mongodb-community`
+  - Linux: `sudo systemctl start mongod`
+  - Windows: MongoDB runs as a service after install
+- The database `VRS` is created automatically on first connection.
+## Deployment
+- **Backend** → deploy to Render / Railway / Heroku / VPS. Set env vars (`MONGO_URI`, `JWT_SECRET`, `JWT_REFRESH_SECRET`, `CLIENT_URL`).
+- **Frontend** → `npm run build` then deploy `dist/` to Netlify / Vercel / static host. Set `VITE_API_URL` and adjust `vite.config.js` proxy or call full URL.
+- **Database** → MongoDB Atlas free tier recommended for production.

package/templates/VehicleRentalReservationSystem/README.md ADDED Viewed

@@ -0,0 +1,165 @@
+# 🚗 Vehicle Rental & Reservation System (VRS)
+**SwiftWheels Enterprises — Huye City, Southern Province, Rwanda**
+A complete production-ready MERN stack web application that digitizes SwiftWheels' previously paper-based operations: vehicle reservations, rentals, customers, vehicles, staff activities, and management reporting.
+---
+## 🧱 Tech Stack
+**Frontend:** React 18, Vite, Tailwind CSS, Axios, React Router DOM, Framer Motion, React Hook Form, Recharts, React Icons, React Toastify, jsPDF, xlsx
+**Backend:** Node.js, Express, MongoDB, Mongoose, JWT, bcryptjs, Helmet, CORS, Express Validator, express-rate-limit
+**Database:** MongoDB (database name: `VRS`)
+---
+## 📁 Project Structure
+```
+VehicleRentalReservationSystem/
+├── backend-project/        Express + MongoDB API (MVC)
+├── frontend-project/       React + Vite + Tailwind UI
+├── Documentation/          ERD, DFD, API docs, deployment guide
+└── README.md
+```
+---
+## ⚙️ Installation
+### 1. Prerequisites
+- Node.js ≥ 18
+- MongoDB running locally on `mongodb://localhost:27017`
+- Git
+### 2. Backend
+```bash
+cd backend-project
+npm install
+cp .env.example .env       # already provided
+npm run seed               # creates default users + 20 customers + 20 vehicles + 30 reservations
+npm run dev                # starts API at http://localhost:5000
+```
+### 3. Frontend
+```bash
+cd frontend-project
+npm install
+npm run dev                # starts UI at http://localhost:5173
+```
+The frontend proxies `/api/*` to the backend, so no extra config is needed.
+---
+## 🔐 Default Accounts
+| Role     | Username | Password    |
+|----------|----------|-------------|
+| Admin    | admin    | admin123    |
+| Manager  | manager  | manager123  |
+| Staff    | staff    | staff123    |
+---
+## 👥 Roles & Permissions
+| Module        | ADMIN | MANAGER | STAFF |
+|---------------|:-----:|:-------:|:-----:|
+| Dashboard     |   ✅  |    ✅   |   ✅  |
+| Customers     |   ✅  |    👁   |   ✅  |
+| Vehicles      |   ✅  |    👁   |   👁  |
+| Reservations  |   ✅  |  approve|   ✅  |
+| Rentals       |   ✅  |    👁   |   ✅  |
+| Reports       |   ✅  |    ✅   |   ✅  |
+| Users         |   ✅  |    —    |   —   |
+---
+## 🌟 Features
+- 🔐 **JWT Authentication** with refresh tokens, password hashing (bcrypt), protected routes
+- 👤 **Role-Based Access Control** (ADMIN / MANAGER / STAFF)
+- 📊 **Analytics Dashboard** — total/available/reserved/rented vehicles, customers, revenue, recent activity, charts (Recharts)
+- 🚗 **Vehicles Module** — CRUD, status management (AVAILABLE / RESERVED / RENTED / MAINTENANCE), search, filter, pagination
+- 👥 **Customers Module** — CRUD, validation (NID/phone/email), search, pagination
+- 📅 **Reservations Module** — create, approve, reject, pickup, return; automatic fee calculation; late-return surcharge (1.5×)
+- 🔑 **Rentals Module** — pickup/return workflow tracking
+- 📑 **Reports Module** — Daily / Weekly / Monthly / Yearly / All-time
+- 📥 **Export** — PDF (jsPDF), Excel (xlsx), CSV, Print
+- 🌗 **Dark / Light Mode** with persistence
+- 💎 **Premium Glassmorphism UI** with Tailwind + Framer Motion animations
+- 🛡 **Security** — Helmet, CORS, rate limiting, input validation, sanitization
+---
+## 🌐 API Endpoints
+### Auth
+- `POST /api/auth/register` — register user
+- `POST /api/auth/login` — login (returns `accessToken`, `refreshToken`)
+- `POST /api/auth/refresh` — refresh access token
+- `POST /api/auth/logout`
+- `GET  /api/auth/me`
+### Customers
+- `GET    /api/customers`   `?search=&page=&limit=`
+- `GET    /api/customers/:id`
+- `POST   /api/customers`
+- `PUT    /api/customers/:id`
+- `DELETE /api/customers/:id`
+### Vehicles
+- `GET    /api/vehicles`   `?search=&status=&page=&limit=`
+- `GET    /api/vehicles/:id`
+- `POST   /api/vehicles`
+- `PUT    /api/vehicles/:id`
+- `DELETE /api/vehicles/:id`
+### Reservations / Rentals
+- `GET    /api/reservations`
+- `POST   /api/reservations`
+- `PUT    /api/reservations/:id`
+- `DELETE /api/reservations/:id`
+- `PATCH  /api/reservations/:id/approve`
+- `PATCH  /api/reservations/:id/reject`
+- `PATCH  /api/reservations/:id/pickup`
+- `PATCH  /api/reservations/:id/return`
+### Reports
+- `GET /api/reports?period=daily|weekly|monthly|yearly|all`
+### Dashboard
+- `GET /api/dashboard`
+### Users (ADMIN only)
+- `GET / POST / PUT / DELETE  /api/users[/:id]`
+---
+## 🗄 Database (MongoDB — `VRS`)
+Collections: `users`, `customers`, `vehicles`, `reservationrentals`
+See **Documentation/ERD.md** and **Documentation/DFD.md** for full diagrams.
+---
+## 🎨 Design Tokens
+| Token       | Value     |
+|-------------|-----------|
+| Primary     | `#1E293B` |
+| Secondary   | `#334155` |
+| Accent      | `#2563EB` |
+| Background  | `#F8FAFC` |
+| Dark BG     | `#0F172A` |
+---
+## 📜 License
+Proprietary — © SwiftWheels Enterprises, Huye, Rwanda.

package/templates/VehicleRentalReservationSystem/backend-project/.env.example ADDED Viewed

@@ -0,0 +1,8 @@
+PORT=5000
+MONGO_URI=mongodb://localhost:27017/VRS
+JWT_SECRET=swiftwheels_super_secret_key_change_me
+JWT_REFRESH_SECRET=swiftwheels_refresh_secret_key_change_me
+JWT_EXPIRES_IN=1d
+JWT_REFRESH_EXPIRES_IN=7d
+NODE_ENV=development
+CLIENT_URL=http://localhost:5173

package/templates/VehicleRentalReservationSystem/backend-project/config/db.js ADDED Viewed

@@ -0,0 +1,10 @@
+const mongoose = require('mongoose');
+module.exports = async function connectDB() {
+  try {
+    await mongoose.connect(process.env.MONGO_URI);
+    console.log('✅ MongoDB connected:', mongoose.connection.name);
+  } catch (err) {
+    console.error('❌ MongoDB error:', err.message);
+    process.exit(1);
+  }
+};

package/templates/VehicleRentalReservationSystem/backend-project/controllers/auth.controller.js ADDED Viewed

@@ -0,0 +1,39 @@
+const User = require('../models/User');
+const jwt = require('jsonwebtoken');
+const { signAccess, signRefresh } = require('../utils/token');
+exports.register = async (req, res, next) => {
+  try {
+    const { username, password, fullName, email, role } = req.body;
+    const exists = await User.findOne({ username });
+    if (exists) return res.status(409).json({ message: 'Username already exists' });
+    const user = await User.create({ username, password, fullName, email, role: role || 'STAFF' });
+    res.status(201).json({ user, accessToken: signAccess(user), refreshToken: signRefresh(user) });
+  } catch (e) { next(e); }
+};
+exports.login = async (req, res, next) => {
+  try {
+    const { username, password } = req.body;
+    const user = await User.findOne({ username });
+    if (!user) return res.status(401).json({ message: 'Invalid credentials' });
+    const ok = await user.compare(password);
+    if (!ok) return res.status(401).json({ message: 'Invalid credentials' });
+    if (!user.active) return res.status(403).json({ message: 'Account disabled' });
+    res.json({ user, accessToken: signAccess(user), refreshToken: signRefresh(user) });
+  } catch (e) { next(e); }
+};
+exports.refresh = async (req, res, next) => {
+  try {
+    const { refreshToken } = req.body;
+    if (!refreshToken) return res.status(400).json({ message: 'No refresh token' });
+    const decoded = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
+    const user = await User.findById(decoded.id);
+    if (!user) return res.status(401).json({ message: 'Invalid token' });
+    res.json({ accessToken: signAccess(user), refreshToken: signRefresh(user) });
+  } catch (e) { res.status(401).json({ message: 'Invalid refresh token' }); }
+};
+exports.logout = (req, res) => res.json({ message: 'Logged out' });
+exports.me = (req, res) => res.json({ user: req.user });

package/templates/VehicleRentalReservationSystem/backend-project/controllers/customer.controller.js ADDED Viewed

@@ -0,0 +1,19 @@
+const Customer = require('../models/Customer');
+exports.list = async (req, res, next) => {
+  try {
+    const { search = '', page = 1, limit = 10 } = req.query;
+    const q = search ? { $or: [
+      { fullName: new RegExp(search, 'i') },
+      { nationalId: new RegExp(search, 'i') },
+      { phone: new RegExp(search, 'i') },
+      { email: new RegExp(search, 'i') }
+    ]} : {};
+    const total = await Customer.countDocuments(q);
+    const items = await Customer.find(q).sort('-createdAt').skip((page-1)*limit).limit(+limit);
+    res.json({ items, total, page: +page, pages: Math.ceil(total/limit) });
+  } catch (e) { next(e); }
+};
+exports.get = async (req, res, next) => { try { const c = await Customer.findById(req.params.id); if(!c) return res.status(404).json({message:'Not found'}); res.json(c);} catch(e){next(e);} };
+exports.create = async (req, res, next) => { try { res.status(201).json(await Customer.create(req.body)); } catch(e){next(e);} };
+exports.update = async (req, res, next) => { try { const c = await Customer.findByIdAndUpdate(req.params.id, req.body, { new: true, runValidators: true }); if(!c) return res.status(404).json({message:'Not found'}); res.json(c);} catch(e){next(e);} };
+exports.remove = async (req, res, next) => { try { await Customer.findByIdAndDelete(req.params.id); res.json({ message: 'Deleted' }); } catch(e){next(e);} };

package/templates/VehicleRentalReservationSystem/backend-project/controllers/dashboard.controller.js ADDED Viewed

@@ -0,0 +1,48 @@
+const Vehicle = require('../models/Vehicle');
+const Customer = require('../models/Customer');
+const RR = require('../models/ReservationRental');
+exports.stats = async (req, res, next) => {
+  try {
+    const [totalVehicles, available, reserved, rented, customers, reservations] = await Promise.all([
+      Vehicle.countDocuments(),
+      Vehicle.countDocuments({ status: 'AVAILABLE' }),
+      Vehicle.countDocuments({ status: 'RESERVED' }),
+      Vehicle.countDocuments({ status: 'RENTED' }),
+      Customer.countDocuments(),
+      RR.countDocuments()
+    ]);
+    const revenueAgg = await RR.aggregate([{ $group: { _id: null, total: { $sum: '$rentalFee' } } }]);
+    const totalRevenue = revenueAgg[0]?.total || 0;
+    const startOfMonth = new Date(); startOfMonth.setDate(1); startOfMonth.setHours(0,0,0,0);
+    const monthlyAgg = await RR.aggregate([
+      { $match: { createdAt: { $gte: startOfMonth } } },
+      { $group: { _id: null, total: { $sum: '$rentalFee' } } }
+    ]);
+    const monthlyRevenue = monthlyAgg[0]?.total || 0;
+    const recentReservations = await RR.find().sort('-createdAt').limit(5).populate('customerId').populate('vehicleId');
+    const recentRentals = await RR.find({ rentalDate: { $ne: null } }).sort('-rentalDate').limit(5).populate('customerId').populate('vehicleId');
+    // monthly revenue chart - last 6 months
+    const months = [];
+    for (let i = 5; i >= 0; i--) {
+      const d = new Date(); d.setMonth(d.getMonth() - i); d.setDate(1); d.setHours(0,0,0,0);
+      const end = new Date(d); end.setMonth(end.getMonth() + 1);
+      const agg = await RR.aggregate([
+        { $match: { createdAt: { $gte: d, $lt: end } } },
+        { $group: { _id: null, total: { $sum: '$rentalFee' }, count: { $sum: 1 } } }
+      ]);
+      months.push({ month: d.toLocaleString('en', { month: 'short' }), revenue: agg[0]?.total || 0, count: agg[0]?.count || 0 });
+    }
+    const vehicleTypeAgg = await Vehicle.aggregate([{ $group: { _id: '$vehicleType', count: { $sum: 1 } } }]);
+    res.json({
+      totalVehicles, available, reserved, rented, customers, reservations,
+      totalRevenue, monthlyRevenue,
+      recentReservations, recentRentals, monthlyChart: months,
+      vehicleTypes: vehicleTypeAgg.map(x => ({ type: x._id, count: x.count }))
+    });
+  } catch (e) { next(e); }
+};

package/templates/VehicleRentalReservationSystem/backend-project/controllers/report.controller.js ADDED Viewed

@@ -0,0 +1,45 @@
+const RR = require('../models/ReservationRental');
+function rangeFor(period) {
+  const end = new Date();
+  const start = new Date();
+  if (period === 'daily') start.setHours(0,0,0,0);
+  else if (period === 'weekly') start.setDate(start.getDate() - 7);
+  else if (period === 'monthly') start.setMonth(start.getMonth() - 1);
+  else if (period === 'yearly') start.setFullYear(start.getFullYear() - 1);
+  else start.setFullYear(2000);
+  return { start, end };
+}
+exports.generate = async (req, res, next) => {
+  try {
+    const { period = 'monthly', from, to } = req.query;
+    let start, end;
+    if (from && to) { start = new Date(from); end = new Date(to); }
+    else ({ start, end } = rangeFor(period));
+    const items = await RR.find({ createdAt: { $gte: start, $lte: end } })
+      .populate('customerId').populate('vehicleId').populate('userId', 'username fullName')
+      .sort('-createdAt');
+    const rows = items.map(r => ({
+      customerName: r.customerId?.fullName || '-',
+      nationalId: r.customerId?.nationalId || '-',
+      phone: r.customerId?.phone || '-',
+      plateNumber: r.vehicleId?.plateNumber || '-',
+      brand: r.vehicleId?.brand || '-',
+      model: r.vehicleId?.model || '-',
+      year: r.vehicleId?.year || '-',
+      vehicleType: r.vehicleId?.vehicleType || '-',
+      reservationDate: r.reservationDate,
+      rentalDate: r.rentalDate,
+      returnDate: r.returnDate,
+      reservationStatus: r.reservationStatus,
+      rentalStatus: r.rentalStatus,
+      rentalFee: r.rentalFee
+    }));
+    const totalRevenue = rows.reduce((s, r) => s + (r.rentalFee || 0), 0);
+    res.json({ period, from: start, to: end, count: rows.length, totalRevenue, rows });
+  } catch (e) { next(e); }
+};