# FibDash A modern React Material-UI dashboard for financial reconciliation with Google SSO authentication, CSV import/analysis, DATEV export, and optional MSSQL integration with JTL tables. ## Features - πŸš€ React 18 (class components) - 🎨 Material-UI (MUI) UI with responsive layout - πŸ” Google SSO (Google Identity Services) + JWT API auth - πŸ—„οΈ MSSQL integration (optional; app runs without DB) - πŸ“₯ CSV import of bank transactions (German MT940-like CSV) - πŸ” Reconciliation view: CSV vs JTL (if DB available) - πŸ“€ DATEV export for selected month/quarter/year - 🧩 Admin data management (Kreditor, Konto, BU) - ⚑ Webpack dev server (HMR) + nodemon hot-reload - πŸ›‘οΈ Email allowlist authorization - 🧰 Production single-process build (Express serves React) ## Architecture ``` fibdash/ β”œβ”€β”€ client/ # Frontend React application β”‚ β”œβ”€β”€ src/ β”‚ β”‚ β”œβ”€β”€ components/ # React class components β”‚ β”‚ β”œβ”€β”€ services/ # API service classes β”‚ β”‚ β”œβ”€β”€ App.js # Main application component β”‚ β”‚ └── index.js # React entry point β”‚ └── public/ β”‚ └── index.html # HTML template β”œβ”€β”€ src/ # Backend Express API β”‚ β”œβ”€β”€ config/ # Database configuration (MSSQL) β”‚ β”œβ”€β”€ middleware/ # Auth + email allowlist middleware β”‚ β”œβ”€β”€ routes/ # API routes (auth, data, admin, dashboard) β”‚ β”œβ”€β”€ database/ # SQL schema and CSV import schema β”‚ └── index.js # Express server entry point β”œβ”€β”€ nginx.*.conf # Nginx reverse-proxy configs (dev/prod/simple) β”œβ”€β”€ webpack*.config.js # Webpack configs β”œβ”€β”€ docker-compose.dev.yml # Optional dev docker-compose for proxying β”œβ”€β”€ data.csv # Sample CSV for local analysis └── package.json # Dependencies and scripts ``` ## Functional Overview Authentication and Authorization - Login: Frontend uses Google Identity Services. The backend validates the ID token and issues a JWT. - Email allowlist: Only emails in AUTHORIZED_EMAILS or matching DB rule are allowed. - ENV allowlist: fast path check. - DB check: optional, queries JTL tables to verify access by attributes 219/220. - JWT middleware guards all /api routes. CSV Analysis and Reconciliation - Upload or place CSV at project root (data.csv) for quick testing. - CSV parsing: German semicolon-separated format with headers like Buchungstag, Betrag, Verwendungszweck, IBAN, etc. - Reconciliation: - If MSSQL available: fetch JTL transactions (tZahlungsabgleichUmsatz), related PDFs (tUmsatzBeleg, tPdfObjekt), and links; match by date+amount. - Kreditor lookup: optional mapping via fibdash.Kreditor using IBAN; also supports banking accounts via is_banking. - Summary totals: income, expenses, net, match counts. DATEV Export - Endpoint returns CSV in DATEV format for the chosen period (month, quarter, year). - Headers and column mapping created server-side; amounts normalized; encoding served as text/csv. Admin Management - Kreditor: CRUD for name, kreditorId, IBAN (optional if is_banking=true). - Konto: CRUD account numbers/names used for accounting. - BU (BuchungsschlΓΌssel): CRUD including optional VSt. - System info endpoint. Health - /api/health returns OK and timestamp. ## API Surface (key endpoints) Auth - POST /api/auth/google β€” Google token exchange β†’ JWT - GET /api/auth/verify β€” Validate JWT, returns user - POST /api/auth/logout β€” Stateless logout success Dashboard - GET /api/dashboard β€” Mock dashboard stats - GET /api/dashboard/user β€” Returns current JWT user Data and Reconciliation - GET /api/data/months β€” Available months inferred from data.csv - GET /api/data/transactions/:timeRange β€” Combined CSV + JTL view with summary - timeRange supports YYYY-MM, YYYY, YYYY-Q1..Q4 - GET /api/data/datev/:timeRange β€” Download DATEV CSV - GET /api/data/pdf/umsatzbeleg/:kUmsatzBeleg β€” Stream PDF from tUmsatzBeleg - GET /api/data/pdf/pdfobject/:kPdfObjekt β€” Stream PDF from tPdfObjekt Kreditor, Konto, BU - GET /api/data/kreditors - GET /api/data/kreditors/:id - POST /api/data/kreditors - PUT /api/data/kreditors/:id - DELETE /api/data/kreditors/:id - GET /api/data/assignable-kreditors β€” only non-banking - BankingAccountTransactions assignments: POST/PUT/DELETE, and GET /api/data/banking-transactions/:transactionId - Admin counterparts exist under /api/admin for Kreditor/Konto/BU CRUD. CSV Import (to DB) - POST /api/data/import-csv-transactions β€” Validates rows and inserts into fibdash.CSVTransactions - GET /api/data/csv-transactions β€” Paginated list with kreditor joins and assignment info - GET /api/data/csv-import-batches β€” Import batch summaries ## Frontend UX Summary App shell - Top AppBar with title, tabs (Dashboard, Stammdaten), current user, DATEV export button when applicable, and logout. Login - Button triggers Google prompt; robust error messaging for SSO, service unavailability, authorization. Dashboard view - Month selector, summary header, and a transactions table with reconciliation indicators (CSV-only, JTL-only, matched), PDF links when available. Stammdaten view - Management UI for Kreditors, Konten, and BuchungsschlΓΌssel (class-based components under client/src/components/admin). CSV Import - Modal dialog with drag-and-drop or file picker, header detection, basic validation, progress, and results summary; uses /api/data/import-csv-transactions. ## Prerequisites - Node.js (v16+) - Optionally: MSSQL Server for JTL and fibdash schema - Google Cloud project and OAuth 2.0 Client ID ## Setup 1) Clone and install ```bash git clone cd fibdash npm install ``` 2) Environment ```bash cp .env.example .env # then edit .env ``` Required variables - GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET - REACT_APP_GOOGLE_CLIENT_ID (must match GOOGLE_CLIENT_ID) - JWT_SECRET - Optional authorization: AUTHORIZED_EMAILS=admin@company.com,user@company.com - MSSQL: DB_SERVER, DB_DATABASE, DB_USERNAME, DB_PASSWORD, DB_PORT=1433 - Server: PORT=5000, NODE_ENV=development 3) Google OAuth - Create OAuth 2.0 Web Client in Google Cloud Console. - Authorized origins: http://localhost:5001 (dev), your domain(s). - Authorized redirects: matching roots (e.g., http://localhost:5001/). - See detailed guide: [docs/GOOGLE_OAUTH_SETUP.md](docs/GOOGLE_OAUTH_SETUP.md) 4) Database (optional but required for JTL features) - Create DB and run schemas: - Core schema: see src/database/schema.sql - CSV import table schemas if needed - The app will run without DB; JTL features and admin CRUD will error if DB not configured. 5) Development ```bash npm run dev # runs frontend at 5001 and backend at 5000 # or separately: npm run dev:frontend npm run dev:backend ``` 6) Optional Nginx for dev - Automatic: ```bash npm run setup:nginx ``` - Manual: ```bash sudo cp nginx.simple.conf /etc/nginx/sites-available/fibdash-dev sudo ln -s /etc/nginx/sites-available/fibdash-dev /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl reload nginx ``` - Hosts entry (optional): 127.0.0.1 fibdash.local With nginx: - App: http://localhost/ or http://fibdash.local/ - API: http://localhost/api/ - Direct FE: http://localhost:5001/ - Direct BE: http://localhost:5000/ ## Production Single-process model - Express serves built React app and handles APIs and auth. Build and run ```bash npm start # build frontend and start backend # or: npm run build npm run start:prod ``` Nginx production reverse proxy ```bash sudo cp nginx.prod.conf /etc/nginx/sites-available/fibdash-prod sudo ln -s /etc/nginx/sites-available/fibdash-prod /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl reload nginx ``` Prod features: - Static asset caching, gzip, security headers, optional TLS. ## Environment variables - GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET - REACT_APP_GOOGLE_CLIENT_ID - JWT_SECRET - AUTHORIZED_EMAILS (comma-separated; if unset/empty, no users can access) - DB_SERVER, DB_DATABASE, DB_USERNAME, DB_PASSWORD, DB_PORT - PORT, NODE_ENV ## Data model (MSSQL) Core tables referenced - eazybusiness.dbo.tZahlungsabgleichUmsatz (+ tUmsatzKontierung) - tUmsatzBeleg (PDF storage), tPdfObjekt (PDF objects), tZahlungsabgleichUmsatzLink (links) - fibdash.Kreditor (id, iban, name, kreditorId, is_banking) - fibdash.Konto (id, konto, name) - fibdash.BU (id, bu, name, vst) - fibdash.BankingAccountTransactions (assignment records) - fibdash.CSVTransactions (imported CSV rows) See SQL in src/database/schema.sql and src/database/csv_transactions_schema.sql for exact DDL. ## Developer notes - Backend auto-detects DB availability. If DB env is missing, it logs a warning and continues. Endpoints that require DB will respond with 500/404 as applicable. - data.csv at repo root is used by /api/data/months and /api/data/transactions/* for local CSV-based analysis. - Matching logic between CSV and JTL uses exact amount and same-day date to mark matches. - DATEV export uses well-formed header, consistent number formatting, and limited text field lengths. ## Scripts - npm run dev β€” run FE+BE - npm run dev:frontend β€” FE only (HMR) - npm run dev:backend β€” BE only (nodemon) - npm run build β€” FE production build - npm run build:prod β€” build and start production server - npm start β€” build FE and start BE - npm run start:prod β€” start BE with existing build - npm run setup:nginx β€” dev nginx setup - npm run nginx:test|reload|start|stop|status β€” helpers ## Troubleshooting Database - Ensure MSSQL reachable; set DB_* env; firewall allows 1433; check logs. - Without DB, JTL and admin features won’t function; CSV-only features still work. Google OAuth - Ensure both GOOGLE_CLIENT_ID and REACT_APP_GOOGLE_CLIENT_ID set and equal. - Add dev/prod origins and redirects in Google Cloud Console. - Use HTTPS in production and ensure CSP allows Google domains. - See docs/GOOGLE_OAUTH_SETUP.md. CORS/Headers - Dev CORS is open. Tighten in prod behind nginx. Hot reload - Make sure both dev servers run; clear cache; check proxy configs. ## License ISC