Maybe/app/views/api/v1/transactions/_transaction.json.jbuilder

# frozen_string_literal: true

json.id transaction.id
json.date transaction.entry.date
json.amount transaction.entry.amount_money.format
json.currency transaction.entry.currency
json.name transaction.entry.name
json.notes transaction.entry.notes
json.classification transaction.entry.classification

# Account information
json.account do
  json.id transaction.entry.account.id
  json.name transaction.entry.account.name
  json.account_type transaction.entry.account.accountable_type.underscore
end

# Category information
if transaction.category.present?
  json.category do
    json.id transaction.category.id
    json.name transaction.category.name
    json.classification transaction.category.classification
    json.color transaction.category.color
    json.icon transaction.category.lucide_icon
  end
else
  json.category nil
end

# Merchant information
if transaction.merchant.present?
  json.merchant do
    json.id transaction.merchant.id
    json.name transaction.merchant.name
  end
else
  json.merchant nil
end

# Tags
json.tags transaction.tags do |tag|
  json.id tag.id
  json.name tag.name
  json.color tag.color
end

# Transfer information (if this transaction is part of a transfer)
if transaction.transfer.present?
  json.transfer do
    json.id transaction.transfer.id
    json.amount transaction.transfer.amount_abs.format
    json.currency transaction.transfer.inflow_transaction.entry.currency

    # Other transaction in the transfer
    if transaction.transfer.inflow_transaction == transaction
      other_transaction = transaction.transfer.outflow_transaction
    else
      other_transaction = transaction.transfer.inflow_transaction
    end

    if other_transaction.present?
      json.other_account do
        json.id other_transaction.entry.account.id
        json.name other_transaction.entry.account.name
        json.account_type other_transaction.entry.account.accountable_type.underscore
      end
    end
  end
else
  json.transfer nil
end

# Additional metadata
json.created_at transaction.created_at.iso8601
json.updated_at transaction.updated_at.iso8601
Add comprehensive API v1 with OAuth and API key authentication (#2389) * OAuth * Add API test routes and update Doorkeeper token handling for test environment - Introduced API namespace with test routes for controller testing in the test environment. - Updated Doorkeeper configuration to allow fallback to plain tokens in the test environment for easier testing. - Modified schema to change resource_owner_id type from bigint to string. * Implement API key authentication and enhance access control - Replaced Doorkeeper OAuth authentication with a custom method supporting both OAuth and API keys in the BaseController. - Added methods for API key authentication, including validation and logging. - Introduced scope-based authorization for API keys in the TestController. - Updated routes to include API key management endpoints. - Enhanced logging for API access to include authentication method details. - Added tests for API key functionality, including validation, scope checks, and access control enforcement. * Add API key rate limiting and usage tracking - Implemented rate limiting for API key authentication in BaseController. - Added methods to check rate limits, render appropriate responses, and include rate limit headers in responses. - Updated routes to include a new usage resource for tracking API usage. - Enhanced tests to verify rate limit functionality, including exceeding limits and per-key tracking. - Cleaned up Redis data in tests to ensure isolation between test cases. * Add Jbuilder for JSON rendering and refactor AccountsController - Added Jbuilder gem for improved JSON response handling. - Refactored index action in AccountsController to utilize Jbuilder for rendering JSON. - Removed manual serialization of accounts and streamlined response structure. - Implemented a before_action in BaseController to enforce JSON format for all API requests. * Add transactions resource to API routes - Added routes for transactions, allowing index, show, create, update, and destroy actions. - This enhancement supports comprehensive transaction management within the API. * Enhance API authentication and onboarding handling - Updated BaseController to skip onboarding requirements for API endpoints and added manual token verification for OAuth authentication. - Improved error handling and logging for invalid access tokens. - Introduced a method to set up the current context for API requests, ensuring compatibility with session-like behavior. - Excluded API paths from onboarding redirects in the Onboardable concern. - Updated database schema to change resource_owner_id type from bigint to string for OAuth access grants. * Fix rubocop offenses - Fix indentation and spacing issues - Convert single quotes to double quotes - Add spaces inside array brackets - Fix comment alignment - Add missing trailing newlines - Correct else/end alignment 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Fix API test failures and improve test reliability - Fix ApiRateLimiterTest by removing mock users method and using fixtures - Fix UsageControllerTest by removing mock users method and using fixtures - Fix BaseControllerTest by using different users for multiple API keys - Use unique display_key values with SecureRandom to avoid conflicts - Fix double render issue in UsageController by returning after authorize_scope\! - Specify controller name in routes for usage resource - Remove trailing whitespace and empty lines per Rubocop All tests now pass and linting is clean. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Add API transactions controller warning to brakeman ignore The account_id parameter in the API transactions controller is properly validated on line 79: family.accounts.find(transaction_params[:account_id]) This ensures users can only create transactions in accounts belonging to their family, making this a false positive. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Claude <noreply@anthropic.com> 2025-06-17 15:57:05 -05:00			`# frozen_string_literal: true`

			`json.id transaction.id`
			`json.date transaction.entry.date`
			`json.amount transaction.entry.amount_money.format`
			`json.currency transaction.entry.currency`
			`json.name transaction.entry.name`
			`json.notes transaction.entry.notes`
			`json.classification transaction.entry.classification`

			`# Account information`
			`json.account do`
			`json.id transaction.entry.account.id`
			`json.name transaction.entry.account.name`
			`json.account_type transaction.entry.account.accountable_type.underscore`
			`end`

			`# Category information`
			`if transaction.category.present?`
			`json.category do`
			`json.id transaction.category.id`
			`json.name transaction.category.name`
			`json.classification transaction.category.classification`
			`json.color transaction.category.color`
			`json.icon transaction.category.lucide_icon`
			`end`
			`else`
			`json.category nil`
			`end`

			`# Merchant information`
			`if transaction.merchant.present?`
			`json.merchant do`
			`json.id transaction.merchant.id`
			`json.name transaction.merchant.name`
			`end`
			`else`
			`json.merchant nil`
			`end`

			`# Tags`
			`json.tags transaction.tags do \|tag\|`
			`json.id tag.id`
			`json.name tag.name`
			`json.color tag.color`
			`end`

			`# Transfer information (if this transaction is part of a transfer)`
			`if transaction.transfer.present?`
			`json.transfer do`
			`json.id transaction.transfer.id`
			`json.amount transaction.transfer.amount_abs.format`
			`json.currency transaction.transfer.inflow_transaction.entry.currency`

			`# Other transaction in the transfer`
			`if transaction.transfer.inflow_transaction == transaction`
			`other_transaction = transaction.transfer.outflow_transaction`
			`else`
			`other_transaction = transaction.transfer.inflow_transaction`
			`end`

			`if other_transaction.present?`
			`json.other_account do`
			`json.id other_transaction.entry.account.id`
			`json.name other_transaction.entry.account.name`
			`json.account_type other_transaction.entry.account.accountable_type.underscore`
			`end`
			`end`
			`end`
			`else`
			`json.transfer nil`
			`end`

			`# Additional metadata`
			`json.created_at transaction.created_at.iso8601`
			`json.updated_at transaction.updated_at.iso8601`