project-startup 1.0.2 → 1.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "project-startup",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "Minimal session-based auth starter using Express, MySQL, React, Vite, and React Router.",
   "main": "index.js",
   "bin": {

package/template/Logics/Booking/controllers/bookingController.js

@@ -1,41 +1,23 @@
 const db = require("../config/db");
 
 // GET /api/bookings
-// Manager → all bookings with customer + bus details
-// Customer → only their own bookings
 exports.getBookings = async (req, res) => {
     if (req.user.role === "manager") {
         const [bookings] = await db.query(
-            `SELECT
-                bk.id,
-                bk.seats,
-                bk.total_rwf,
-                bk.booked_at,
-                u.name  AS customer_name,
-                u.email AS customer_email,
-                b.plate_number,
-                b.destination,
-                b.departure_time,
-                b.price_rwf
-                FROM bookings bk
-                JOIN users u ON u.id = bk.customer_id
-                JOIN buses  b ON b.id = bk.bus_id
-                ORDER BY bk.booked_at DESC`
+            `SELECT bk.id, bk.seats, bk.total_rwf, bk.booked_at,
+                    u.name AS customer_name, u.email AS customer_email,
+                    b.plate_number, b.destination, b.departure_time, b.price_rwf
+             FROM bookings bk
+             JOIN users u ON u.id = bk.customer_id
+             JOIN buses b ON b.id = bk.bus_id
+             ORDER BY bk.booked_at DESC`
         );
         return res.json(bookings);
     }
 
-    // Customer: only their rows
     const [bookings] = await db.query(
-        `SELECT
-            bk.id,
-            bk.seats,
-            bk.total_rwf,
-            bk.booked_at,
-            b.plate_number,
-            b.destination,
-            b.departure_time,
-            b.price_rwf
+        `SELECT bk.id, bk.seats, bk.total_rwf, bk.booked_at,
+                b.plate_number, b.destination, b.departure_time, b.price_rwf
          FROM bookings bk
          JOIN buses b ON b.id = bk.bus_id
          WHERE bk.customer_id = ?
@@ -46,131 +28,90 @@ exports.getBookings = async (req, res) => {
     res.json(bookings);
 };
 
-// POST /api/bookings  (customer only)
+// POST /api/bookings (customer only) — SIMPLIFIED
 exports.createBooking = async (req, res) => {
     const { busId, seats } = req.body;
 
     if (!busId || !seats || seats < 1) {
-        return res.status(400).json({ error: "busId and seats (≥ 1) are required." });
+        return res.status(400).json({ error: "busId and seats required" });
     }
 
-    // ── Critical section: read and update in one atomic step ───────────────
-    // We use a transaction so two customers can't both grab the last seat.
-    const conn = await db.getConnection();
+    // 1. Get the bus
+    const [buses] = await db.query(
+        "SELECT * FROM buses WHERE id = ?",
+        [busId]
+    );
 
-    try {
-        await conn.beginTransaction();
+    if (buses.length === 0) {
+        return res.status(404).json({ error: "Bus not found" });
+    }
 
-        // Lock this bus row for the duration of the transaction (FOR UPDATE)
-        // This prevents another request from reading stale available_seats
-        const [rows] = await conn.query(
-            "SELECT * FROM buses WHERE id = ? FOR UPDATE",
-            [busId]
-        );
+    const bus = buses[0];
 
-        if (rows.length === 0) {
-            await conn.rollback();
-            return res.status(404).json({ error: "Bus not found." });
-        }
-
-        const bus = rows[0];
-
-        if (new Date(bus.departure_time) <= new Date()) {
-            await conn.rollback();
-            return res.status(400).json({ error: "This bus has already departed." });
-        }
-
-        if (seats > bus.available_seats) {
-            await conn.rollback();
-            return res.status(400).json({
-                error: `Only ${bus.available_seats} seat(s) available.`,
-            });
-        }
-
-        // Decrement available_seats
-        await conn.query(
-            "UPDATE buses SET available_seats = available_seats - ? WHERE id = ?",
-            [seats, busId]
-        );
+    // 2. Check departure time
+    if (new Date(bus.departure_time) <= new Date()) {
+        return res.status(400).json({ error: "Bus already departed" });
+    }
 
-        // Insert the booking record
-        const [result] = await conn.query(
-            `INSERT INTO bookings (bus_id, customer_id, seats, total_rwf)
-             VALUES (?, ?, ?, ?)`,
-            [busId, req.user.id, seats, seats * bus.price_rwf]
-        );
+    // 3. Check seats (simple check, no lock)
+    if (seats > bus.available_seats) {
+        return res.status(400).json({
+            error: `Only ${bus.available_seats} seat(s) available`
+        });
+    }
 
-        await conn.commit();
-
-        // Return the new booking with bus details attached
-        const [booking] = await conn.query(
-            `SELECT
-                bk.id,
-                bk.seats,
-                bk.total_rwf,
-                bk.booked_at,
-                b.plate_number,
-                b.destination,
-                b.departure_time
-             FROM bookings bk
-             JOIN buses b ON b.id = bk.bus_id
-             WHERE bk.id = ?`,
-            [result.insertId]
-        );
+    // 4. Decrement seats AND insert booking (two separate queries)
+    await db.query(
+        "UPDATE buses SET available_seats = available_seats - ? WHERE id = ?",
+        [seats, busId]
+    );
 
-        res.status(201).json(booking[0]);
+    const [result] = await db.query(
+        `INSERT INTO bookings (bus_id, customer_id, seats, total_rwf)
+         VALUES (?, ?, ?, ?)`,
+        [busId, req.user.id, seats, seats * bus.price_rwf]
+    );
 
-    } catch (err) {
-        await conn.rollback();
-        throw err;
-    } finally {
-        conn.release();  // always return connection to pool
-    }
+    // 5. Return the new booking
+    res.status(201).json({
+        id: result.insertId,
+        bus_id: busId,
+        customer_id: req.user.id,
+        seats,
+        total_rwf: seats * bus.price_rwf,
+        plate_number: bus.plate_number,
+        destination: bus.destination,
+        departure_time: bus.departure_time
+    });
 };
 
-// DELETE /api/bookings/:id  (customer only — own bookings)
+// DELETE /api/bookings/:id — SIMPLIFIED
 exports.cancelBooking = async (req, res) => {
-    const conn = await db.getConnection();
-
-    try {
-        await conn.beginTransaction();
-
-        // Find the booking AND confirm it belongs to this customer
-        const [rows] = await conn.query(
-            "SELECT * FROM bookings WHERE id = ? AND customer_id = ?",
-            [req.params.id, req.user.id]
-        );
+    // 1. Find booking and check it belongs to user
+    const [bookings] = await db.query(
+        `SELECT bk.*, b.departure_time
+        FROM bookings bk
+        JOIN buses b ON b.id = bk.bus_id
+        WHERE bk.id = ? AND bk.customer_id = ?`,
+        [req.params.id, req.user.id]
+    );
 
-        if (rows.length === 0) {
-            await conn.rollback();
-            return res.status(404).json({ error: "Booking not found." });
-        }
+    if (bookings.length === 0) {
+        return res.status(404).json({ error: "Booking not found" });
+    }
 
-        const booking = rows[0];
+    const booking = bookings[0];
 
-        // Restore seats only if bus hasn't departed yet
-        const [busRows] = await conn.query(
-            "SELECT departure_time FROM buses WHERE id = ?",
-            [booking.bus_id]
+    // 2. Restore seats only if bus hasn't departed
+    if (new Date(booking.departure_time) > new Date()) {
+        await db.query(
+            "UPDATE buses SET available_seats = available_seats + ? WHERE id = ?",
+            [booking.seats, booking.bus_id]
         );
+    }
 
-        if (busRows.length > 0 && new Date(busRows[0].departure_time) > new Date()) {
-            await conn.query(
-                "UPDATE buses SET available_seats = available_seats + ? WHERE id = ?",
-                [booking.seats, booking.bus_id]
-            );
-        }
-
-        await conn.query("DELETE FROM bookings WHERE id = ?", [booking.id]);
-
-        await conn.commit();
-
-        res.json({ message: "Booking cancelled. Seats have been restored." });
+    // 3. Delete booking
+    await db.query("DELETE FROM bookings WHERE id = ?", [req.params.id]);
 
-    } catch (err) {
-        await conn.rollback();
-        throw err;
-    } finally {
-        conn.release();
-    }
-};
+    res.json({ message: "Booking cancelled" });
+};

package/template/Logics/Booking/controllers/busController.js

@@ -10,124 +10,76 @@ exports.getAllBuses = async (req, res) => {
 
 // GET /api/buses/:id
 exports.getBusById = async (req, res) => {
-    const [rows] = await db.query(
+    const [buses] = await db.query(
         "SELECT * FROM buses WHERE id = ?",
         [req.params.id]
     );
 
-    if (rows.length === 0) {
-        return res.status(404).json({ error: "Bus not found." });
+    if (buses.length === 0) {
+        return res.status(404).json({ error: "Bus not found" });
     }
 
-    res.json(rows[0]);
+    res.json(buses[0]);
 };
 
-// POST /api/buses  (manager only)
+// POST /api/buses (manager only) — SIMPLIFIED
 exports.createBus = async (req, res) => {
     const { plateNumber, destination, maxSeats, departureTime, priceRwf } = req.body;
 
     if (!plateNumber || !destination || !maxSeats || !departureTime || !priceRwf) {
-        return res.status(400).json({ error: "All fields are required." });
-    }
-
-    if (new Date(departureTime) <= new Date()) {
-        return res.status(400).json({ error: "Departure time must be in the future." });
+        return res.status(400).json({ error: "All fields required" });
     }
 
-    // Check for duplicate plate number
-    const [existing] = await db.query(
-        "SELECT id FROM buses WHERE plate_number = ?",
-        [plateNumber]
-    );
-
-    if (existing.length > 0) {
-        return res.status(400).json({ error: "Plate number already exists." });
+    if (new Date(deploymentTime) <= new Date()) {
+        return res.status(400).json({ error: "Departure time must be in future" });
     }
 
     const [result] = await db.query(
-        `INSERT INTO buses
-            (plate_number, destination, max_seats, available_seats, departure_time, price_rwf)
+        `INSERT INTO buses 
+         (plate_number, destination, max_seats, available_seats, departure_time, price_rwf)
          VALUES (?, ?, ?, ?, ?, ?)`,
         [plateNumber, destination, maxSeats, maxSeats, departureTime, priceRwf]
-        //                                   ^ available_seats starts equal to max_seats
     );
 
-    // Fetch and return the newly created row
-    const [rows] = await db.query(
+    const [buses] = await db.query(
         "SELECT * FROM buses WHERE id = ?",
         [result.insertId]
     );
 
-    res.status(201).json(rows[0]);
+    res.status(201).json(buses[0]);
 };
 
-// PUT /api/buses/:id  (manager only)
+// PUT /api/buses/:id (manager only) — SIMPLIFIED
 exports.updateBus = async (req, res) => {
-    const { plateNumber, destination, maxSeats, departureTime, priceRwf } = req.body;
-
-    // Fetch current state first so we can calculate available_seats correctly
-    const [rows] = await db.query(
-        "SELECT * FROM buses WHERE id = ?",
-        [req.params.id]
-    );
-
-    if (rows.length === 0) {
-        return res.status(404).json({ error: "Bus not found." });
-    }
-
-    const bus = rows[0];
-
-    // If maxSeats is being changed, recalculate available_seats:
-    //   available = newMax - (oldMax - oldAvailable)  ← keeps already-booked seats
-    let newAvailable = bus.available_seats;
-
-    if (maxSeats) {
-        const booked = bus.max_seats - bus.available_seats;
-        if (parseInt(maxSeats) < booked) {
-            return res.status(400).json({
-                error: `Cannot reduce max seats below already booked count (${booked}).`,
-            });
-        }
-        newAvailable = parseInt(maxSeats) - booked;
-    }
+    const { plateNumber, destination, departureTime, priceRwf } = req.body;
 
     await db.query(
         `UPDATE buses SET
-            plate_number    = COALESCE(?, plate_number),
-            destination     = COALESCE(?, destination),
-            max_seats       = COALESCE(?, max_seats),
-            available_seats = ?,
-            departure_time  = COALESCE(?, departure_time),
-            price_rwf       = COALESCE(?, price_rwf)
+            plate_number  = COALESCE(?, plate_number),
+            destination   = COALESCE(?, destination),
+            departure_time = COALESCE(?, departure_time),
+            price_rwf     = COALESCE(?, price_rwf)
          WHERE id = ?`,
-        [
-            plateNumber  || null,
-            destination  || null,
-            maxSeats     || null,
-            newAvailable,
-            departureTime|| null,
-            priceRwf     || null,
-            req.params.id,
-        ]
+        [plateNumber, destination, departureTime, priceRwf, req.params.id]
     );
 
-    // Return updated row
-    const [updated] = await db.query("SELECT * FROM buses WHERE id = ?", [req.params.id]);
-    res.json(updated[0]);
+    const [buses] = await db.query(
+        "SELECT * FROM buses WHERE id = ?",
+        [req.params.id]
+    );
+
+    res.json(buses[0]);
 };
 
-// DELETE /api/buses/:id  (manager only)
+// DELETE /api/buses/:id (manager only)
 exports.deleteBus = async (req, res) => {
-    // Check if any bookings exist for this bus
     const [bookings] = await db.query(
         "SELECT id FROM bookings WHERE bus_id = ?",
         [req.params.id]
     );
 
     if (bookings.length > 0) {
-        return res.status(400).json({
-            error: "Cannot delete a bus that has existing bookings.",
-        });
+        return res.status(400).json({ error: "Cannot delete bus with bookings" });
     }
 
     const [result] = await db.query(
@@ -136,8 +88,8 @@ exports.deleteBus = async (req, res) => {
     );
 
     if (result.affectedRows === 0) {
-        return res.status(404).json({ error: "Bus not found." });
+        return res.status(404).json({ error: "Bus not found" });
     }
 
-    res.json({ message: "Bus deleted." });
-};
+    res.json({ message: "Bus deleted" });
+};

package/template/Logics/Stocks/controllers/sparePartController.js

@@ -0,0 +1,104 @@
+const db = require("../db");
+
+// GET /api/parts
+exports.getAllParts = async (req, res) => {
+    const [parts] = await db.query(
+        "SELECT * FROM spare_parts ORDER BY name ASC"
+    );
+    res.json(parts);
+};
+
+// GET /api/parts/:id
+exports.getPartById = async (req, res) => {
+    const [rows] = await db.query(
+        "SELECT * FROM spare_parts WHERE id = ?",
+        [req.params.id]
+    );
+
+    if (rows.length === 0) {
+        return res.status(404).json({ error: "Spare part not found." });
+    }
+
+    res.json(rows[0]);
+};
+
+// POST /api/parts
+exports.createPart = async (req, res) => {
+    const { name, quantity, unitPrice } = req.body;
+
+    if (!name || quantity == null || !unitPrice) {
+        return res.status(400).json({ error: "name, quantity and unitPrice are required." });
+    }
+
+    if (quantity < 0) {
+        return res.status(400).json({ error: "Quantity cannot be negative." });
+    }
+
+    const [result] = await db.query(
+        "INSERT INTO spare_parts (name, quantity, unit_price) VALUES (?, ?, ?)",
+        [name.trim(), quantity, unitPrice]
+    );
+
+    const [rows] = await db.query(
+        "SELECT * FROM spare_parts WHERE id = ?",
+        [result.insertId]
+    );
+
+    res.status(201).json(rows[0]);
+};
+
+// PUT /api/parts/:id
+exports.updatePart = async (req, res) => {
+    const [rows] = await db.query(
+        "SELECT * FROM spare_parts WHERE id = ?",
+        [req.params.id]
+    );
+
+    if (rows.length === 0) {
+        return res.status(404).json({ error: "Spare part not found." });
+    }
+
+    const { name, unitPrice } = req.body;
+    // Note: quantity is managed by stock-in / stock-out, not edited directly
+
+    await db.query(
+        `UPDATE spare_parts SET
+            name       = COALESCE(?, name),
+            unit_price = COALESCE(?, unit_price)
+         WHERE id = ?`,
+        [name || null, unitPrice || null, req.params.id]
+    );
+
+    const [updated] = await db.query(
+        "SELECT * FROM spare_parts WHERE id = ?",
+        [req.params.id]
+    );
+
+    res.json(updated[0]);
+};
+
+// DELETE /api/parts/:id
+exports.deletePart = async (req, res) => {
+    // Block deletion if there are any stock-in records for this part
+    const [stockIns] = await db.query(
+        "SELECT id FROM stock_in WHERE spare_part_id = ?",
+        [req.params.id]
+    );
+
+    if (stockIns.length > 0) {
+        return res.status(400).json({
+            error: "Cannot delete a part that has stock-in records.",
+        });
+    }
+
+    const [result] = await db.query(
+        "DELETE FROM spare_parts WHERE id = ?",
+        [req.params.id]
+    );
+
+    if (result.affectedRows === 0) {
+        return res.status(404).json({ error: "Spare part not found." });
+    }
+
+    res.json({ message: "Spare part deleted." });
+};

package/template/Logics/Stocks/controllers/stockInController.js

@@ -0,0 +1,159 @@
+const db = require("../db");
+
+// GET /api/stock-in
+// Returns all import records joined with part name
+exports.getAllStockIn = async (req, res) => {
+    const [rows] = await db.query(
+        `SELECT
+            si.id,
+            si.quantity,
+            si.remaining_qty,
+            si.unit_price,
+            si.total_price,
+            si.imported_at,
+            sp.id   AS spare_part_id,
+            sp.name AS spare_part_name
+         FROM stock_in si
+         JOIN spare_parts sp ON sp.id = si.spare_part_id
+         ORDER BY si.imported_at DESC`
+    );
+    res.json(rows);
+};
+
+// GET /api/stock-in/:id
+exports.getStockInById = async (req, res) => {
+    const [rows] = await db.query(
+        `SELECT
+            si.*,
+            sp.name AS spare_part_name
+         FROM stock_in si
+         JOIN spare_parts sp ON sp.id = si.spare_part_id
+         WHERE si.id = ?`,
+        [req.params.id]
+    );
+
+    if (rows.length === 0) {
+        return res.status(404).json({ error: "Stock-in record not found." });
+    }
+
+    res.json(rows[0]);
+};
+
+// POST /api/stock-in
+// Creates a new import batch and increments spare_parts.quantity
+exports.createStockIn = async (req, res) => {
+    const { sparePartId, quantity, unitPrice } = req.body;
+
+    if (!sparePartId || !quantity || !unitPrice) {
+        return res.status(400).json({
+            error: "sparePartId, quantity and unitPrice are required.",
+        });
+    }
+
+    if (quantity < 1) {
+        return res.status(400).json({ error: "Quantity must be at least 1." });
+    }
+
+    // Verify the spare part exists
+    const [partRows] = await db.query(
+        "SELECT * FROM spare_parts WHERE id = ?",
+        [sparePartId]
+    );
+
+    if (partRows.length === 0) {
+        return res.status(404).json({ error: "Spare part not found." });
+    }
+
+    const totalPrice = quantity * unitPrice;
+
+    const conn = await db.getConnection();
+
+    try {
+        await conn.beginTransaction();
+
+        // Insert the stock-in batch
+        // remaining_qty starts equal to quantity — decremented by stock-out later
+        const [result] = await conn.query(
+            `INSERT INTO stock_in
+                (spare_part_id, quantity, remaining_qty, unit_price, total_price)
+             VALUES (?, ?, ?, ?, ?)`,
+            [sparePartId, quantity, quantity, unitPrice, totalPrice]
+        );
+
+        // Increment the part's total stock quantity
+        await conn.query(
+            "UPDATE spare_parts SET quantity = quantity + ? WHERE id = ?",
+            [quantity, sparePartId]
+        );
+
+        await conn.commit();
+
+        // Return the full record with part name
+        const [rows] = await conn.query(
+            `SELECT si.*, sp.name AS spare_part_name
+             FROM stock_in si
+             JOIN spare_parts sp ON sp.id = si.spare_part_id
+             WHERE si.id = ?`,
+            [result.insertId]
+        );
+
+        res.status(201).json(rows[0]);
+
+    } catch (err) {
+        await conn.rollback();
+        throw err;
+    } finally {
+        conn.release();
+    }
+};
+
+// DELETE /api/stock-in/:id
+// Only allowed if no stock-out records reference this batch
+exports.deleteStockIn = async (req, res) => {
+    const [rows] = await db.query(
+        "SELECT * FROM stock_in WHERE id = ?",
+        [req.params.id]
+    );
+
+    if (rows.length === 0) {
+        return res.status(404).json({ error: "Stock-in record not found." });
+    }
+
+    const stockIn = rows[0];
+
+    // Block deletion if sales came out of this batch
+    const [sales] = await db.query(
+        "SELECT id FROM stock_out WHERE stock_in_id = ?",
+        [req.params.id]
+    );
+
+    if (sales.length > 0) {
+        return res.status(400).json({
+            error: "Cannot delete a batch that has stock-out records.",
+        });
+    }
+
+    const conn = await db.getConnection();
+
+    try {
+        await conn.beginTransaction();
+
+        // Give the quantity back to the spare part
+        await conn.query(
+            "UPDATE spare_parts SET quantity = quantity - ? WHERE id = ?",
+            [stockIn.quantity, stockIn.spare_part_id]
+        );
+
+        await conn.query("DELETE FROM stock_in WHERE id = ?", [req.params.id]);
+
+        await conn.commit();
+
+        res.json({ message: "Stock-in record deleted and quantity reversed." });
+
+    } catch (err) {
+        await conn.rollback();
+        throw err;
+    } finally {
+        conn.release();
+    }
+};

package/template/Logics/Stocks/controllers/stockOutController.js

@@ -0,0 +1,183 @@
+const db = require("../db");
+
+// GET /api/stock-out
+exports.getAllStockOut = async (req, res) => {
+    const [rows] = await db.query(
+        `SELECT
+            so.id,
+            so.quantity,
+            so.unit_price,
+            so.total_price,
+            so.sold_at,
+            sp.id   AS spare_part_id,
+            sp.name AS spare_part_name,
+            si.id           AS stock_in_id,
+            si.unit_price   AS import_unit_price,
+            si.imported_at
+         FROM stock_out so
+         JOIN stock_in   si ON si.id = so.stock_in_id
+         JOIN spare_parts sp ON sp.id = so.spare_part_id
+         ORDER BY so.sold_at DESC`
+    );
+    res.json(rows);
+};
+
+// GET /api/stock-out/:id
+exports.getStockOutById = async (req, res) => {
+    const [rows] = await db.query(
+        `SELECT
+            so.*,
+            sp.name AS spare_part_name,
+            si.remaining_qty,
+            si.unit_price AS import_unit_price
+         FROM stock_out so
+         JOIN stock_in   si ON si.id = so.stock_in_id
+         JOIN spare_parts sp ON sp.id = so.spare_part_id
+         WHERE so.id = ?`,
+        [req.params.id]
+    );
+
+    if (rows.length === 0) {
+        return res.status(404).json({ error: "Stock-out record not found." });
+    }
+
+    res.json(rows[0]);
+};
+
+// POST /api/stock-out
+// Validates against stock_in.remaining_qty, then decrements both
+// stock_in.remaining_qty and spare_parts.quantity
+exports.createStockOut = async (req, res) => {
+    const { stockInId, quantity, unitPrice } = req.body;
+
+    if (!stockInId || !quantity || !unitPrice) {
+        return res.status(400).json({
+            error: "stockInId, quantity and unitPrice are required.",
+        });
+    }
+
+    if (quantity < 1) {
+        return res.status(400).json({ error: "Quantity must be at least 1." });
+    }
+
+    const conn = await db.getConnection();
+
+    try {
+        await conn.beginTransaction();
+
+        // Lock the stock_in row so two concurrent sales can't oversell the batch
+        const [siRows] = await conn.query(
+            `SELECT si.*, sp.id AS part_id
+             FROM stock_in si
+             JOIN spare_parts sp ON sp.id = si.spare_part_id
+             WHERE si.id = ?
+             FOR UPDATE`,
+            [stockInId]
+        );
+
+        if (siRows.length === 0) {
+            await conn.rollback();
+            return res.status(404).json({ error: "Stock-in batch not found." });
+        }
+
+        const batch = siRows[0];
+
+        // Quantity sold must not exceed what remains in this specific batch
+        if (quantity > batch.remaining_qty) {
+            await conn.rollback();
+            return res.status(400).json({
+                error: `Only ${batch.remaining_qty} unit(s) remaining in this batch.`,
+            });
+        }
+
+        const totalPrice = quantity * unitPrice;
+
+        // Insert the sale record
+        const [result] = await conn.query(
+            `INSERT INTO stock_out
+                (stock_in_id, spare_part_id, quantity, unit_price, total_price)
+             VALUES (?, ?, ?, ?, ?)`,
+            [stockInId, batch.spare_part_id, quantity, unitPrice, totalPrice]
+        );
+
+        // Decrement remaining units in this import batch
+        await conn.query(
+            "UPDATE stock_in SET remaining_qty = remaining_qty - ? WHERE id = ?",
+            [quantity, stockInId]
+        );
+
+        // Decrement the part's total stock
+        await conn.query(
+            "UPDATE spare_parts SET quantity = quantity - ? WHERE id = ?",
+            [quantity, batch.spare_part_id]
+        );
+
+        await conn.commit();
+
+        // Return full record with names attached
+        const [rows] = await conn.query(
+            `SELECT
+                so.*,
+                sp.name AS spare_part_name,
+                si.unit_price AS import_unit_price,
+                si.remaining_qty
+             FROM stock_out so
+             JOIN stock_in   si ON si.id = so.stock_in_id
+             JOIN spare_parts sp ON sp.id = so.spare_part_id
+             WHERE so.id = ?`,
+            [result.insertId]
+        );
+
+        res.status(201).json(rows[0]);
+
+    } catch (err) {
+        await conn.rollback();
+        throw err;
+    } finally {
+        conn.release();
+    }
+};
+
+// DELETE /api/stock-out/:id
+// Reverses the sale: restores remaining_qty on the batch and quantity on the part
+exports.deleteStockOut = async (req, res) => {
+    const [rows] = await db.query(
+        "SELECT * FROM stock_out WHERE id = ?",
+        [req.params.id]
+    );
+
+    if (rows.length === 0) {
+        return res.status(404).json({ error: "Stock-out record not found." });
+    }
+
+    const sale = rows[0];
+    const conn = await db.getConnection();
+
+    try {
+        await conn.beginTransaction();
+
+        // Restore the batch's remaining quantity
+        await conn.query(
+            "UPDATE stock_in SET remaining_qty = remaining_qty + ? WHERE id = ?",
+            [sale.quantity, sale.stock_in_id]
+        );
+
+        // Restore the part's total stock
+        await conn.query(
+            "UPDATE spare_parts SET quantity = quantity + ? WHERE id = ?",
+            [sale.quantity, sale.spare_part_id]
+        );
+
+        await conn.query("DELETE FROM stock_out WHERE id = ?", [sale.id]);
+
+        await conn.commit();
+
+        res.json({ message: "Stock-out record deleted and quantity restored." });
+
+    } catch (err) {
+        await conn.rollback();
+        throw err;
+    } finally {
+        conn.release();
+    }
+};

package/template/Logics/Stocks/schema.sql

@@ -0,0 +1,53 @@
+-- Run once to set up the database:
+--   mysql -u root -p < schema.sql
+
+CREATE DATABASE IF NOT EXISTS spareparts_db;
+USE spareparts_db;
+
+-- ─── Spare Parts ──────────────────────────────────────────────────────────────
+-- Master catalogue of every part.
+-- `quantity` is the current stock level — updated by stock-in and stock-out.
+CREATE TABLE IF NOT EXISTS spare_parts (
+    id         INT PRIMARY KEY AUTO_INCREMENT,
+    name       VARCHAR(150) NOT NULL,
+    quantity   INT NOT NULL DEFAULT 0,   -- current total stock on hand
+    unit_price DECIMAL(12,2) NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+-- ─── Stock In ─────────────────────────────────────────────────────────────────
+-- Each row records one import/purchase transaction.
+-- `remaining_qty` tracks how many units from this specific batch are still
+-- available to sell — decremented by stock-out operations (FIFO model).
+CREATE TABLE IF NOT EXISTS stock_in (
+    id            INT PRIMARY KEY AUTO_INCREMENT,
+    spare_part_id INT NOT NULL,
+    quantity      INT NOT NULL,           -- units imported in this batch
+    remaining_qty INT NOT NULL,           -- units still available from this batch
+    unit_price    DECIMAL(12,2) NOT NULL, -- price paid per unit at import
+    total_price   DECIMAL(12,2) NOT NULL, -- quantity × unit_price
+    imported_at   TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (spare_part_id) REFERENCES spare_parts(id) ON DELETE CASCADE
+);
+
+-- ─── Stock Out ────────────────────────────────────────────────────────────────
+-- Each row records one sale transaction drawn from a specific stock_in batch.
+CREATE TABLE IF NOT EXISTS stock_out (
+    id            INT PRIMARY KEY AUTO_INCREMENT,
+    stock_in_id   INT NOT NULL,           -- which batch was sold from
+    spare_part_id INT NOT NULL,           -- denormalised for easy reporting
+    quantity      INT NOT NULL,           -- units sold
+    unit_price    DECIMAL(12,2) NOT NULL, -- selling price per unit
+    total_price   DECIMAL(12,2) NOT NULL, -- quantity × unit_price
+    sold_at       TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (stock_in_id)   REFERENCES stock_in(id)    ON DELETE CASCADE,
+    FOREIGN KEY (spare_part_id) REFERENCES spare_parts(id) ON DELETE CASCADE
+);
+
+-- ─── Seed data ────────────────────────────────────────────────────────────────
+INSERT IGNORE INTO spare_parts (name, quantity, unit_price) VALUES
+    ('Brake Pads',        50,  12000),
+    ('Oil Filter',        80,   4500),
+    ('Air Filter',        60,   5800),
+    ('Spark Plugs',      120,   2200),
+    ('Timing Belt',       30,  18000);