Background Service handling the Fiscalismia infrastructure. Fiscalismia is a Web Service for visualizing, analyzing, aggregating, importing and exporting personal finance data. Data can consist of variable and fixed costs, income, sales and investments. Advanced capabilities are available for dynamically updating supermarket grocery deals via web automation scraping data from supermarket websites.
fiscalismia-backend consists of an express server running a REST API. Requests from the frontend are handled by the backend's REST API querying data from a postgres db. The database runs within a docker container for development. JWT tokens are used for authentication. Local Browser Storage for Session Cookies. The REST API is designed with full CRUD operations in mind, allowing for dynamic user input, sanitized before being commited to the db. In production, we use a cloud-hosted scale-to-zero PostgreSQL database on Neon.tech with a generous free tier. The backend is built in a continuous integration pipeline, tested, scanned for vulnerabilities and published as a docker image to a public docker registry for later deployment in your environment of choice.
- Github Actions: CI/CD Pipeline for automating type checking, eslint analysis, REST API testing, vulnerability scanning, building, publishing and deploying.
- Docker: The final build artifact from compiled src code is a docker image published to a registry and deployed in the cloud.
- TypeScript: Statically typed JS with high strictness level and compile target ESNext. Mid-project Migration from plain JavaScript (ECMAScript 2016).
- Node.js: A JavaScript runtime built on Chrome's V8 JavaScript engine, used for server-side development.
- Express Server: A fast, unopinionated, minimalist web framework for Node.js, used to build the backend server.
- Supertest: A testing library for HTTP assertions, employed for REST API testing to ensure the reliability of the server.
- JWT Auth: JSON Web Token authentication is used for securing and verifying the authenticity of API requests.
- Snyk: Static Code security analysis, dependency security analysis, monitoring and notifications on detected security issues.
- ESLint and Prettier: Linter and Formatter for ensuring code quality and enforcing coding standards.
- Winston Logger: A versatile logging library for Node.js, utilized for logging events and errors in the server.
- Nodemon/ts-node: Hot Reload upon file changes of the server during development, enhancing the development workflow.
-
Triggers:
- Runs on every push and pull request to the
mainbranch.
- Runs on every push and pull request to the
-
Job:
test:- Steps:
- Set up Node.js (v20.12.2), install dependencies and Snyk.
- Run type checks and ESLint analysis.
- Perform Snyk static code and dependency security analysis.
- Publish type check, ESLint, and Snyk reports as artifacts.
- Initialize a fresh Postgres database and seed with DDL/DML scripts.
- Run API tests against the pipeline database using
supertest.
- Steps:
-
Job:
build:- Steps:
- Build Backend Docker image.
- Publish Docker image to GHCR (TODO: Switch to AWS ECR)
- Steps:
-
Job:
deploy:- Steps:
- TODO: Deploy on Hetzner Self Managed Kubernetes via ArgoCD (K3s)
- TODO: Setup AWS S3 bucket for file upload persistence
- Steps:
Dependencies
-
Node.js: Ensure that Node.js is installed on your local machine, with a minimum version of 20.9. You can download Node.js via Node Version Switcher here or directly from the source here.
-
Docker & Docker Compose Ensure that Docker is installed in your local development environment. Get Docker here and Docker Compose here.
-
Clone the Repository: git clone https://github.com/your-username/fiscalismia-backend.git
Installation
-
Navigate to the Project Folder:
cd fiscalismia-backend -
Install Dependencies:
npm install
-
Environment Variables:
Store the
.envin the root folder offiscalismia-backend. Ensure that you never upload this file to Git, as it contains sensitive information!DB_CONNECTION_URLis only required in production, as this points to the cloud hosted db.# App & Server JWT_SECRET=xxx DB_CONNECTION_URL= FRONTEND_PORT=3001 BACKEND_PORT=3002 HOST_ADDRESS=localhost # Local Docker DB Setup POSTGRES_USER=fiscalismia_api POSTGRES_HOST=fiscalismia-postgres POSTGRES_DB=fiscalismia POSTGRES_PASSWORD=xxx POSTGRES_PORT=5432 # PIPELINE INTEGRATIONS SNYK_TOKEN=
-
Github Secrets:
Set up Github Secrets in your Repository Settings, for the pipeline to run successfully. These can and should be the same as in your
.envfile.JWT_SECRET POSTGRES_PASSWORD SNYK_TOKEN
-
Option 1: Docker Compose
To run the entire stack in development mode
docker compose build docker compose up
-
Option 2: Locally
Development Database
docker compose up fiscalismia-postgres
Run only the backend locally pointing to local db defined in
.envfile keys.npm run server
-
Option 3: Docker
Development Database
docker compose up fiscalismia-postgres
Docker Run (Linux Syntax)
Run only the backend dev container pointing to local db defined in
.envfile keys.docker build --pull --no-cache --rm -f "Dockerfile.dev" -t fiscalismia-backend-dev:latest "." docker run -v $PWD/src:/fiscalismia-backend/src -v $PWD/public:/fiscalismia-backend/public --env-file .env --net fiscalismia-network --rm -it -p 3002:3002 --name fiscalismia-backend-dev fiscalismia-backend-dev:latest
Docker Run (Windows Syntax)
Run only the backend dev container pointing to local db defined in
.envfile keys.docker build --pull --no-cache --rm -f "Dockerfile.dev" -t fiscalismia-backend-dev:latest "." docker run -v %cd%\src:/fiscalismia-backend/src -v %cd%\public:/fiscalismia-backend/public --env-file .env --net fiscalismia-network --rm -it -p 3002:3002 --name fiscalismia-backend-dev fiscalismia-backend-dev:latest
Production build with cloud database (Linux Syntax)
NOTE:
DB_CONNECTION_URLto remote postgres must be set in.envfile.docker build --pull --no-cache --rm -f "Dockerfile" -t fiscalismia-backend:latest "." docker run --network fiscalismia-network -v $PWD/public:/fiscalismia-backend/public --env-file .env --net fiscalismia-network --rm -it -p 3002:3002 --name fiscalismia-backend fiscalismia-backend:latest
Production build with cloud database (Windows Syntax)
NOTE:
DB_CONNECTION_URLto remote postgres must be set in.envfile.docker build --pull --no-cache --rm -f "Dockerfile" -t fiscalismia-backend:latest "." docker run --network fiscalismia-network -v %cd%\public:/fiscalismia-backend/public --env-file .env --net fiscalismia-network --rm -it -p 3002:3002 --name fiscalismia-backend fiscalismia-backend:latest
All tests generate report files in the reports/ subdirectory.
-
REST API tests /w supertest:
We use supertest for testing the REST API which can be executed via running the test script from a second console while the dev database is up and running.
npm run test -
Static Code Analysis
Eslint is used to ensure a consistent codebase adhering to certain coding standards configured in
.eslintrc.js. Typecheck runs the Typescript Compiler which is configured with high strictness intsconfig.json.npm run typeCheck npm run eslintAnalysis
-
Snyk Security Analysis
SNYK_TOKENhas to be set in.envfile. Get one for free by creating a snyk account hereOnce per workspace
# with snyk cli installed snyk auth SNYK_TOKEN # without snyk cli installed npx snyk auth SNYK_TOKEN
Vulnerability scanning of both the codebase, especially relevant for issues such as SQL Injection and XSS(Cross Site Scripting).
npm run snykCodeAnalysis npm run snykDependencyAnalysis
Once the server is up and running, it will be ready to handle API requests from your frontend application or REST API Client at http://localhost:3002/api/fiscalismia
Accessing the Database via CLI
docker exec -it YOUR_DOCKER_HASH sh
psql -U $POSTGRES_USER -d $POSTGRES_DB -h $POSTGRES_HOST -p $POSTGRES_PORTAccessing the Database via DB Client
You can run DBeaver or a database client of your choice and use the .env file connection strings
POSTGRES_USER | POSTGRES_HOST | POSTGRES_DB | POSTGRES_PASSWORD | POSTGRES_PORT
Accessing Protected Routes
A valid user is required.
Default credentials are
admin changeit
Alternatively use a POST request to http://localhost:3002/api/fiscalismia/um/credentials carrying a user object.
// the user has to be whitelisted in the db table username_whitelist
{ "username": "yourUser", "email": "user@mailserver.domain", "password": "yourPassword" }User can also be created easily via the frontend login mask.
All important routes are protected and require an Authorization header reading 'Bearer token' where token is a jwt-token received after posting valid user credentials to http://localhost:3002/api/fiscalismia/um/login
result:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVzZXJJZCI6MSwidXNlck5hbWUiOiJhZG1pbiIsInVzZXJFbWFpbCI6ImhlcnBfZGVycEBnbWFpbC5pbyJ9LCJpYXQiOjE3MDczMDk4MTgsImV4cCI6MTcwNzM5NjIxOH0.RkxSnXZZAwHIi-QPR57KtLiVdeRn3FybfPtCosM4rqY
GET http://localhost:3002/api/fiscalismia/ HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7InVzZXJJZCI6MSwidXNlck5hbWUiOiJhZG1pbiIsInVzZXJFbWFpbCI6ImhlcnBfZGVycEBnbWFpbC5pbyJ9LCJpYXQiOjE3MDczMDk4MTgsImV4cCI6MTcwNzM5NjIxOH0.RkxSnXZZAwHIi-QPR57KtLiVdeRn3FybfPtCosM4rqY-
Set up Cloud DB
I recommend using scale-to-zero cloud-native postgresql with a generous free tier at neon.tech
-
Build docker image
Hint: %cd% backslash file path command is unique to windows, in unix based systems, replace it with $PWD forward slash
docker build --pull --no-cache --rm -f "Dockerfile" -t fiscalismia-backend:latest "." docker run -v %cd%\public:/fiscalismia-backend/public --env-file .env --rm -it -p 3002:3002 --name fiscalismia-backend fiscalismia-backend:latest -
Provisioning of AWS S3 Bucket for Image Upload
Todo
-
Automatic Docker Build and Push to private AWS ECR in Github Actions Pipeline
Todo
-
Deployment to public AWS EC2 Instance via Github Actions Pipeline
Todo
-
Configure and Initialize Database
The development database initialization script can be used for this purpose, specifically
database/pgsql-ddl.sql.Bulk data insertion is handled via TSV files in a specific format in the admin area. The essentials can be gathered from the first lines of
database/pgsql-dml.sqlespecially the username whitelist and username, email, password in theum_tables.
This project is licensed under the MIT License.