fix(subscription): event TS types

Fix: Syntax error caused error

.all-contributorsrc

@@ -96,6 +96,69 @@
       "contributions": [
         "bug"
       ]
+    },
+    {
+      "login": "asenawritescode",
+      "name": "Asena",
+      "avatar_url": "https://avatars.githubusercontent.com/u/67445192?v=4",
+      "profile": "https://github.com/asenawritescode",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "benpsnyder",
+      "name": "Ben Snyder",
+      "avatar_url": "https://avatars.githubusercontent.com/u/707567?v=4",
+      "profile": "https://snyder.tech",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "cloudsbird",
+      "name": "Vederis Leunardus",
+      "avatar_url": "https://avatars.githubusercontent.com/u/13505006?v=4",
+      "profile": "http://vederis.id",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ccantrell72",
+      "name": "Chris Cantrell",
+      "avatar_url": "https://avatars.githubusercontent.com/u/104120598?v=4",
+      "profile": "http://www.pivoten.com",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "oleynikd",
+      "name": "Denis",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3976868?v=4",
+      "profile": "https://github.com/oleynikd",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "mittalsam98",
+      "name": "Sachin Mittal",
+      "avatar_url": "https://avatars.githubusercontent.com/u/42431274?v=4",
+      "profile": "https://myself.vercel.app/",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "Champetaman",
+      "name": "Camilo Oviedo",
+      "avatar_url": "https://avatars.githubusercontent.com/u/64604272?v=4",
+      "profile": "https://www.camilooviedo.com/",
+      "contributions": [
+        "code"
+      ]
     }
   ],
   "contributorsPerLine": 7,

.env.example

@@ -48,6 +48,9 @@ SIGNUP_DISABLED=false
 SIGNUP_ALLOWED_DOMAINS=
 SIGNUP_ALLOWED_EMAILS=
 
+# Sign-up Email Confirmation
+SIGNUP_EMAIL_CONFIRMATION=false
+
 # API rate limit (points,duration,block duration).
 API_RATE_LIMIT=120,60,600
 
@@ -57,4 +60,32 @@ GOTENBERG_DOCS_URL=http://server:3000/public/
 
 # Gotenberg API - (development)
 # GOTENBERG_URL=http://localhost:9000
-# GOTENBERG_DOCS_URL=http://host.docker.internal:3000/public/
+# GOTENBERG_DOCS_URL=http://host.docker.internal:3000/public/
+
+# Exchange Rate Service
+EXCHANGE_RATE_SERVICE=open-exchange-rate
+
+# Open Exchange Rate
+OPEN_EXCHANGE_RATE_APP_ID=
+
+# The Plaid environment to use ('sandbox' or 'development').
+# https://plaid.com/docs/#api-host
+PLAID_ENV=sandbox
+
+# Your Plaid keys, which can be found in the Plaid Dashboard.
+# https://dashboard.plaid.com/account/keys
+PLAID_CLIENT_ID=
+PLAID_SECRET=
+PLAID_LINK_WEBHOOK=
+
+# https://docs.lemonsqueezy.com/guides/developer-guide/getting-started#create-an-api-key
+LEMONSQUEEZY_API_KEY=
+LEMONSQUEEZY_STORE_ID=
+LEMONSQUEEZY_WEBHOOK_SECRET=
+
+# S3 documents and attachments 
+S3_REGION=US
+S3_ACCESS_KEY_ID=
+S3_SECRET_ACCESS_KEY=
+S3_ENDPOINT=
+S3_BUCKET=

.github/workflows/build-deploy-container.yml

@@ -6,43 +6,66 @@ on:
   workflow_dispatch:
 
 env:
-  REGISTRY: ghcr.io
-  WEBAPP_IMAGE_NAME: bigcapital/bigcapital-webapp
-  SERVER_IMAGE_NAME: bigcapital/bigcapital-server
+  WEBAPP_IMAGE_NAME: bigcapitalhq/webapp
+  SERVER_IMAGE_NAME: bigcapitalhq/server
 
 jobs:
   build-publish-webapp:
+    strategy:
+      fail-fast: false
     name: Build and deploy webapp container
     runs-on: ubuntu-latest
     environment: production
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       # Login to Container registry.
       - name: Log in to the Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
-            registry: ${{ env.REGISTRY }}
-            username: ${{ github.actor }}
-            password: ${{ secrets.GH_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-            images: ${{ env.REGISTRY }}/${{ env.WEBAPP_IMAGE_NAME }}
+            images: ${{ env.WEBAPP_IMAGE_NAME }}
 
       # Builds and push the Docker image.
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
+        id: build
         with:
-            context: .
-            file: ./packages/webapp/Dockerfile
-            push: true
-            tags: ghcr.io/bigcapitalhq/webapp:latest
-            labels: ${{ steps.meta.outputs.labels }}
+          context: ./
+          file: ./packages/webapp/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: bigcapitalhq/webapp:latest, bigcapitalhq/webapp:${{github.ref_name}}
 
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-webapp
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
       # Send notification to Slack channel.
       - name: Slack Notification built and published webapp container successfully.
         uses: rtCamp/action-slack-notify@v2
@@ -53,29 +76,52 @@ jobs:
     name: Build and deploy server container
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       # Login to Container registry.
       - name: Log in to the Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GH_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       # Builds and push the Docker image.
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
+        id: build
         with:
           context: ./
           file: ./packages/server/Dockerfile
+          platforms: linux/amd64,linux/arm64
           push: true
-          tags: ghcr.io/bigcapitalhq/server:latest
+          tags: bigcapitalhq/server:latest, bigcapitalhq/server:${{github.ref_name}}
           labels: ${{ steps.meta.outputs.labels }}
 
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+  
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-server
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
       # Send notification to Slack channel.
       - name: Slack Notification built and published server container successfully.
         uses: rtCamp/action-slack-notify@v2
         env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/build-deploy-develop-container.yaml

@@ -0,0 +1,127 @@
+# This workflow will build a docker container, publish it to Github Registry.
+name: Build and Deploy Develop Docker Container
+on:
+  push:
+    branches:
+      - develop
+
+env:
+  WEBAPP_IMAGE_NAME: bigcapitalhq/webapp
+  SERVER_IMAGE_NAME: bigcapitalhq/server
+
+jobs:
+  build-publish-webapp:
+    strategy:
+      fail-fast: false
+    name: Build and deploy webapp container
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to Container registry.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.WEBAPP_IMAGE_NAME }}
+
+      # Builds and push the Docker image.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          context: ./
+          file: ./packages/webapp/Dockerfile
+          platforms: linux/amd64
+          push: true
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: bigcapitalhq/webapp:develop
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-webapp
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+      # Send notification to Slack channel.
+      - name: Slack Notification built and published webapp container successfully.
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+
+  build-publish-server:
+    name: Build and deploy server container
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to Container registry.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      # Builds and push the Docker image.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          context: ./
+          file: ./packages/server/Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: bigcapitalhq/server:develop
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-server
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+      # Send notification to Slack channel.
+      - name: Slack Notification built and published server container successfully.
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/e2e.yml

@@ -8,14 +8,14 @@ on:
       - '**.ts'
       - '**.tsx'
       - '**/tsconfig.json'
-      - 'yarn.lock'
+      - 'pnpm-lock.yaml'
       - '.github/workflows/e2e.yml'
   pull_request:
     paths:
       - '**.ts'
       - '**.tsx'
       - '**/tsconfig.json'
-      - 'yarn.lock'
+      - 'pnpm-lock.yaml'
       - '.github/workflows/e2e.yml'
 
 defaults:

.husky/commit-msg

@@ -1,4 +1,4 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
 
-yarn commitlint --edit 
+pnpx commitlint --edit 

CHANGELOG.md

@@ -2,6 +2,169 @@
 
 All notable changes to Bigcapital server-side will be in this file.
 
+## [0.19.4] - 18-08-2024
+
+* fix: Allow multi-lines to statements transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/594
+* feat: Add amount comparators to amount bank rule field by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/595
+* fix: Transaction type and description do not show in general ledger. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/596
+* fix: Refresh accounts and account transactions. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/597
+* fix: Typo payments made by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/598
+* fix: Typo categories list by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/600
+* fix: Autofill the quick created customer/vendor by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/601
+* fix: Remove views tabs from receipts list by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/602
+* fix: Typo payment receive messages by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/599
+* fix: Enhance Dropzone visual of  accept and reject modes by @Champetaman in https://github.com/bigcapitalhq/bigcapital/pull/603
+* fix:  Matching bank transactions should create associate payment transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/606
+* fix: Change Dropzone title and subtitle by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/607
+* fix: Inconsistance page size of paginated data tables by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/604
+* fix: Database connection lost error by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/611
+* fix: Language typos by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/613
+* Fix: Correctly display Date, Published At, and Created At in ExpenseDrawerHeader by @Champetaman in https://github.com/bigcapitalhq/bigcapital/pull/612
+* fix: Delete bank account with uncategorized transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/614
+* feat: activate/inactivate account from drawer details by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/615
+
+## [v0.18.0] - 10-08-2024
+
+* feat: Bank rules for automated categorization by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/511
+* feat: Categorize & match bank transaction by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/511
+* feat: Reconcile match transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/522
+* fix: Issues in matching transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/523
+* fix: Cashflow transactions types by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/524
+
+## [v0.17.5] - 17-06-2024
+
+* fix: Balance sheet and P/L nested accounts by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/501
+* fix: add space between buttons on floating actions bar by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/508
+* feat: Migrating to Envoy proxy instead of Nginx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/509
+* fix: Disable email confirmation does not work with invited users by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/497
+* feat: Setting up the date format in the whole system dates by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/506
+
+## [0.17.0] - 04-06-2024
+
+### New
+
+* feat: Upload and attach documents by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/461
+* feat: Export resource tables to pdf by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/460
+* feat: Build and deploy develop Docker container by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/476
+* feat: Internal docker virtual network by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/478
+
+### Fixes
+
+* fix: Skip send confirmation email if disabled by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/459
+* fix: Lemon Squeezy redirect to base url by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/479
+* fix: Organize Plaid env variables for development and sandbox envs by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/480
+* fix: Plaid syncs deposit imports as withdrawals by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/481
+* fix: Validate the s3 configures exist by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/482
+* fix: Run migrations only for initialized tenants by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/484
+
+## [0.16.16] - 
+
+* feat: handle http exceptions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/456
+* feat: add the missing Newrelic env vars to docker-compose.prod file by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/457
+* fix: add the signup email confirmation env var by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/458
+
+## [0.16.14] - 
+
+* fix: Typo in setup wizard by @ccantrell72 in https://github.com/bigcapitalhq/bigcapital/pull/440
+* fix: Showing the real mail address on email confirmation view by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/445
+* fix: Auto-increment setting parsing by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/453
+
+## [0.16.12] - 
+
+* feat: Create a manifest list for `webapp` Docker image and push it to DockerHub. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/436
+* feat: Combine arm64 and amd64 in one Github action runner by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/437
+
+## [0.16.11] - 06-05-2024
+
+### improvements
+
+* feat: Export resource data to csv, xlsx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/430
+* feat: User email verification after signing-up. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/426
+
+### Fixes
+* feat(repo): upgrade to latest lerna v8 and pnpm v9 by @benpsnyder in https://github.com/bigcapitalhq/bigcapital/pull/414
+* feat: Update Docker Build-Push Action and Add ARM64 Support by @cloudsbird in https://github.com/bigcapitalhq/bigcapital/pull/412
+* feat: Pushing docker containers by version tag by @cloudsbird in https://github.com/bigcapitalhq/bigcapital/pull/421
+
+## [0.16.10]
+
+* fix: Running migration Docker container on Windows by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/432
+
+## [0.16.9]
+
+* feat: New Relic for tracking by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/429
+
+## [0.16.8]
+
+* feat: Ability to enable/disable the bank connect feature by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/423
+
+## [0.16.6]
+
+* hotfix: fix the subscription plan when subscribe on cloud by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/422
+
+## [0.16.5]
+
+IMPORTANT: If you upgraded to the v0.16 recently you should upgrade to v0.16.4 as soon as possible, because there're some breaking changes affected the sign-in and some users reported couldn't sign-in.
+
+* feat: Seed free subscription to tenants that have no subscription. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/410
+
+## [0.16.3]
+
+* feat: Integrate Lemon Squeezy payment by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/402
+* feat: optimize the onboarding subscription experience. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/404
+* feat: subscription page content by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/405
+* feat: auto subscribe to free plan once signup on community version. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/406
+* chore: add default value to env variable by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/407
+* fix: absolute storage imports path. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/408
+
+## [0.16.0]
+
+* feat: add convert to invoice button on estimate drawer toolbar by @ANasouf in https://github.com/bigcapitalhq/bigcapital/pull/361
+* feat(webapp): add mark as delivered to action bar of invoice details … by @ANasouf in https://github.com/bigcapitalhq/bigcapital/pull/360
+* feat(webapp): Dialog to choose the bank service provider by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/378
+* feat: Categorize the bank synced transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/377
+* feat: uncategorize the cashflow transaction by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/381
+* Import resources from csv/xlsx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/382
+* feat(webapp): import resource UI by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/386
+* fix: import resources improvements by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/388
+* feat: add sample sheet to accounts and bank transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/389
+* fix: show the unique row value in the import preview by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/392
+* feat: advanced parser for numeric and boolean import values by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/394
+* feat: validate the given imported sheet whether is empty by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/395
+* feat: linking relation with id in importing by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/393
+* feat: Aggregate rows import by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/396
+* feat: clean up the imported temp files by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/400
+* feat: add hints to import fields by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/401
+
+## [0.15.0]
+
+* feat: Printing financial reports by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/363
+* feat: Convert invoice status after sending mail notification by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/332
+* feat: Bigcapital <> Plaid Integration by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/346
+* fix: Broken transactions by vendor report by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/369
+* fix: Optimize the print style some financial reports by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/370
+
+## [0.14.0] - 30-01-2024
+
+* feat: purchases by items exporting by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/327
+* fix: expense amounts should not be rounded by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/339
+* feat: get latest exchange rate from third party services by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/340
+* fix(webapp): inconsistency in currency of universal search items by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/335
+* hotfix: editing sales and expense transactions don't reflect GL entries by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/342
+
+## [0.13.3] - 22-01-2024
+
+* hotfix(server): Unhandled thrown errors of services by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/329
+
+## [0.13.2] - 21-01-2024
+
+* feat: show customer / vendor balance. by @asenawritescode in https://github.com/bigcapitalhq/bigcapital/pull/311
+* feat: inventory valuation csv and xlsx export by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/308
+* feat: sales by items export csv & xlsx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/310
+* fix(server): the invoice and payment receipt printing by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/315
+* fix: get cashflow transaction broken cause transaction type by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/318
+* fix: `AccountActivateAlert` import by @xprnio in https://github.com/bigcapitalhq/bigcapital/pull/322
+
 ## [0.13.1] - 15-01-2024
 
 * feat(webapp): add approve/reject to action bar of estimate details dr… by @ANasouf in https://github.com/bigcapitalhq/bigcapital/pull/304

README.md

@@ -1,6 +1,6 @@
 <p align="center">
   <p align="center">
-    <a href="https://bigcapital.ly" target="_blank">
+    <a href="https://bigcapital.app" target="_blank">
       <img src="https://raw.githubusercontent.com/abouolia/blog/main/public/bigcapital.svg" alt="Bigcapital" width="280" height="75">
     </a>
   </p>
@@ -25,6 +25,10 @@
       <img src="https://img.shields.io/twitter/follow/bigcapitalhq?style=social" alt="twitter" />
     </a>
   </p>
+
+  <p align="center">
+    <a href="https://my.bigcapital.app">Bigcapital Cloud</a>
+  </p>
 </p>
 
 # What's Bigcapital?
@@ -47,7 +51,7 @@ Bigcapital is available open-source under AGPL license. You can host it on your
 
 ### Docker
 
-To get started with self-hosted with Docker and Docker Compose, take a look at the [Docker guide](https://docs.bigcapital.ly/deployment/docker).
+To get started with self-hosted with Docker and Docker Compose, take a look at the [Docker guide](https://docs.bigcapital.app/deployment/docker).
 
 ## Development
 
@@ -70,7 +74,7 @@ You can integrate Bigcapital API with your system to organize your transactions
 
 # Resources
 
-- [Documentation](https://docs.bigcapital.ly/) - Learn how to use.
+- [Documentation](https://docs.bigcapital.app/) - Learn how to use.
 - [Contribution](https://github.com/bigcapitalhq/bigcapital/blob/develop/CONTRIBUTING.md) - Welcome to any contributions.
 - [Discord](https://discord.com/invite/c8nPBJafeb) - Ask for help.
 - [Bug Tracker](https://github.com/bigcapitalhq/bigcapital/issues) - Notify us new bugs.
@@ -117,6 +121,15 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="http://cschuijt.nl"><img src="https://avatars.githubusercontent.com/u/5460015?v=4?s=100" width="100px;" alt="Casper Schuijt"/><br /><sub><b>Casper Schuijt</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Acschuijt" title="Bug reports">🐛</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/ANasouf"><img src="https://avatars.githubusercontent.com/u/19536487?v=4?s=100" width="100px;" alt="ANasouf"/><br /><sub><b>ANasouf</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=ANasouf" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://ragnarlaud.dev"><img src="https://avatars.githubusercontent.com/u/3042904?v=4?s=100" width="100px;" alt="Ragnar Laud"/><br /><sub><b>Ragnar Laud</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Axprnio" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/asenawritescode"><img src="https://avatars.githubusercontent.com/u/67445192?v=4?s=100" width="100px;" alt="Asena"/><br /><sub><b>Asena</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Aasenawritescode" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://snyder.tech"><img src="https://avatars.githubusercontent.com/u/707567?v=4?s=100" width="100px;" alt="Ben Snyder"/><br /><sub><b>Ben Snyder</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=benpsnyder" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://vederis.id"><img src="https://avatars.githubusercontent.com/u/13505006?v=4?s=100" width="100px;" alt="Vederis Leunardus"/><br /><sub><b>Vederis Leunardus</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=cloudsbird" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://www.pivoten.com"><img src="https://avatars.githubusercontent.com/u/104120598?v=4?s=100" width="100px;" alt="Chris Cantrell"/><br /><sub><b>Chris Cantrell</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Accantrell72" title="Bug reports">🐛</a></td>
+    </tr>
+    <tr>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/oleynikd"><img src="https://avatars.githubusercontent.com/u/3976868?v=4?s=100" width="100px;" alt="Denis"/><br /><sub><b>Denis</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Aoleynikd" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://myself.vercel.app/"><img src="https://avatars.githubusercontent.com/u/42431274?v=4?s=100" width="100px;" alt="Sachin Mittal"/><br /><sub><b>Sachin Mittal</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Amittalsam98" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://www.camilooviedo.com/"><img src="https://avatars.githubusercontent.com/u/64604272?v=4?s=100" width="100px;" alt="Camilo Oviedo"/><br /><sub><b>Camilo Oviedo</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=Champetaman" title="Code">💻</a></td>
     </tr>
   </tbody>
 </table>

docker-compose.prod.yml

@@ -3,38 +3,31 @@
 version: '3.3'
 
 services:
-  nginx:
-    container_name: bigcapital-nginx-gateway
-    build:
-      context: ./docker/nginx
-      args:
-        - SERVER_PROXY_PORT=3000
-        - WEB_SSL=false
-        - SELF_SIGNED=false
-    volumes:
-      - ./data/logs/nginx/:/var/log/nginx
-      - ./docker/certbot/certs/:/var/certs
+  proxy:
+    image: envoyproxy/envoy:v1.30-latest
+    depends_on:
+      - server
+      - webapp
     ports:
       - '${PUBLIC_PROXY_PORT:-80}:80'
       - '${PUBLIC_PROXY_SSL_PORT:-443}:443'
     tty: true
-    depends_on:
-      - server
-      - webapp
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    volumes:
+      - ./docker/envoy/envoy.yaml:/etc/envoy/envoy.yaml
+    restart: on-failure
+    networks:
+      - bigcapital_network
 
   webapp:
     container_name: bigcapital-webapp
-    image: ghcr.io/bigcapitalhq/webapp:latest
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    image: bigcapitalhq/webapp:latest
+    restart: on-failure
+    networks:
+      - bigcapital_network
 
   server:
     container_name: bigcapital-server
-    image: ghcr.io/bigcapitalhq/server:latest
+    image: bigcapitalhq/server:latest
     expose:
       - '3000'
     links:
@@ -45,9 +38,9 @@ services:
       - mysql
       - mongo
       - redis
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
+    networks:
+      - bigcapital_network
     environment:
       # Mail
       - MAIL_HOST=${MAIL_HOST}
@@ -88,10 +81,48 @@ services:
       - SIGNUP_ALLOWED_DOMAINS=${SIGNUP_ALLOWED_DOMAINS}
       - SIGNUP_ALLOWED_EMAILS=${SIGNUP_ALLOWED_EMAILS}
 
+      # Sign-up email confirmation
+      - SIGNUP_EMAIL_CONFIRMATION=${SIGNUP_EMAIL_CONFIRMATION}
+
       # Gotenberg (Pdf generator)
       - GOTENBERG_URL=${GOTENBERG_URL}
       - GOTENBERG_DOCS_URL=${GOTENBERG_DOCS_URL}
 
+      # Exchange Rate
+      - EXCHANGE_RATE_SERVICE=${EXCHANGE_RATE_SERVICE}
+      - OPEN_EXCHANGE_RATE_APP_ID-${OPEN_EXCHANGE_RATE_APP_ID}
+
+      # Bank Sync
+      - BANKING_CONNECT=${BANKING_CONNECT}
+
+      # Plaid
+      - PLAID_ENV=${PLAID_ENV}
+      - PLAID_CLIENT_ID=${PLAID_CLIENT_ID}
+      - PLAID_SECRET=${PLAID_SECRET}
+      - PLAID_LINK_WEBHOOK=${PLAID_LINK_WEBHOOK}
+
+      # Lemon Squeez
+      - LEMONSQUEEZY_API_KEY=${LEMONSQUEEZY_API_KEY}
+      - LEMONSQUEEZY_STORE_ID=${LEMONSQUEEZY_STORE_ID}
+      - LEMONSQUEEZY_WEBHOOK_SECRET=${LEMONSQUEEZY_WEBHOOK_SECRET}
+      - HOSTED_ON_BIGCAPITAL_CLOUD=${HOSTED_ON_BIGCAPITAL_CLOUD}
+
+      # New Relic matrics tracking.
+      - NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=${NEW_RELIC_DISTRIBUTED_TRACING_ENABLED}
+      - NEW_RELIC_LOG=${NEW_RELIC_LOG}
+      - NEW_RELIC_AI_MONITORING_ENABLED=${NEW_RELIC_AI_MONITORING_ENABLED}
+      - NEW_RELIC_CUSTOM_INSIGHTS_EVENTS_MAX_SAMPLES_STORED=${NEW_RELIC_CUSTOM_INSIGHTS_EVENTS_MAX_SAMPLES_STORED}
+      - NEW_RELIC_SPAN_EVENTS_MAX_SAMPLES_STORED=${NEW_RELIC_SPAN_EVENTS_MAX_SAMPLES_STORED}
+      - NEW_RELIC_LICENSE_KEY=${NEW_RELIC_LICENSE_KEY}
+      - NEW_RELIC_APP_NAME=${NEW_RELIC_APP_NAME}
+
+      # S3
+      - S3_REGION=${S3_REGION}
+      - S3_ACCESS_KEY_ID=${S3_ACCESS_KEY_ID}
+      - S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY}
+      - S3_ENDPOINT=${S3_ENDPOINT}
+      - S3_BUCKET=${S3_BUCKET}
+
   database_migration:
     container_name: bigcapital-database-migration
     build:
@@ -108,12 +139,12 @@ services:
       - TENANT_DB_NAME_PERFIX=${TENANT_DB_NAME_PERFIX}
     depends_on:
       - mysql
+    networks:
+      - bigcapital_network
 
   mysql:
     container_name: bigcapital-mysql
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
     build:
       context: ./docker/mariadb
     environment:
@@ -125,34 +156,38 @@ services:
       - mysql:/var/lib/mysql
     expose:
       - '3306'
+    networks:
+      - bigcapital_network
 
   mongo:
     container_name: bigcapital-mongo
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
     build: ./docker/mongo
     expose:
       - '27017'
     volumes:
       - mongo:/var/lib/mongodb
+    networks:
+      - bigcapital_network
 
   redis:
     container_name: bigcapital-redis
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
     build:
       context: ./docker/redis
     expose:
       - '6379'
     volumes:
       - redis:/data
+    networks:
+      - bigcapital_network
 
   gotenberg:
     image: gotenberg/gotenberg:7
     expose:
       - '9000'
+    networks:
+      - bigcapital_network
 
 # Volumes
 volumes:
@@ -167,3 +202,8 @@ volumes:
   redis:
     name: bigcapital_prod_redis
     driver: local
+
+# Networks
+networks:
+  bigcapital_network:
+    driver: bridge

docker/envoy/envoy.yaml

@@ -0,0 +1,62 @@
+static_resources:
+  listeners:
+    - name: listener_0
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 80
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                route_config:
+                  name: local_route
+                  virtual_hosts:
+                    - name: backend
+                      domains: ['*']
+                      routes:
+                        - match:
+                            prefix: '/api'
+                          route:
+                            cluster: dynamic_server
+                        - match:
+                            prefix: '/'
+                          route:
+                            cluster: webapp
+                http_filters:
+                  - name: envoy.filters.http.router
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+  clusters:
+    - name: dynamic_server
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      dns_lookup_family: V4_ONLY
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: dynamic_server
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: server
+                      port_value: 3000
+
+    - name: webapp
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      dns_lookup_family: V4_ONLY
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: webapp
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: webapp
+                      port_value: 80

docker/migration/Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/bigcapitalhq/server:latest as build
+FROM bigcapitalhq/server:latest as build
 
 ARG DB_HOST= \
   DB_USER= \
@@ -34,7 +34,5 @@ WORKDIR /app/packages/server
 
 RUN git clone https://github.com/vishnubob/wait-for-it.git
 
-ADD docker/migration/start.sh /
-RUN chmod +x /start.sh
-
-CMD ["/start.sh"]
+# Once we listen the mysql port run the migration task.
+CMD ./wait-for-it/wait-for-it.sh mysql:3306 -- sh -c "node ./build/commands.js system:migrate:latest && node ./build/commands.js tenants:migrate:latest"

docker/migration/start.sh

@@ -1,5 +0,0 @@
-# Migrate the master system database.
-./wait-for-it/wait-for-it.sh mysql:3306 -- node ./build/commands.js system:migrate:latest
-
-# Migrate all tenants.
-./wait-for-it/wait-for-it.sh mysql:3306 -- node ./build/commands.js tenants:migrate:latest

docker/nginx/Dockerfile

@@ -1,21 +0,0 @@
-FROM nginx:1.11
-
-RUN mkdir /etc/nginx/sites-available && rm /etc/nginx/conf.d/default.conf
-ADD nginx.conf /etc/nginx/
-
-COPY scripts /root/scripts/
-COPY certs /etc/ssl/
-
-COPY sites /etc/nginx/templates
-
-ARG SERVER_PROXY_PORT=3000
-ARG WEB_SSL=false
-ARG SELF_SIGNED=false
-
-ENV SERVER_PROXY_PORT=$SERVER_PROXY_PORT
-ENV WEB_SSL=$WEB_SSL
-ENV SELF_SIGNED=$SELF_SIGNED
-
-RUN /bin/bash /root/scripts/build-nginx.sh
-
-CMD nginx

docker/nginx/nginx.conf

@@ -1,33 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-daemon off;
-
-events {
-  worker_connections  2048;
-  use epoll;
-}
-
-http {
-  server_tokens off;
-  sendfile on;
-  tcp_nopush on;
-  tcp_nodelay on;
-  keepalive_timeout 15;
-  types_hash_max_size 2048;
-  client_max_body_size 20M;
-  open_file_cache max=100;
-  gzip on;
-  gzip_disable "msie6";
-
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
-
-  include /etc/nginx/mime.types;
-  default_type application/octet-stream;
-
-  include /etc/nginx/conf.d/*.conf;
-  include /etc/nginx/sites-available/*;
-  access_log /var/log/nginx/access.log;
-  error_log /var/log/nginx/error.log;
-}

docker/nginx/scripts/build-nginx.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-for conf in /etc/nginx/templates/*.conf; do
-  mv $conf "/etc/nginx/sites-available/"$(basename $conf) > /dev/null
-done
-
-for template in /etc/nginx/templates/*.template; do
-  envsubst < $template > "/etc/nginx/sites-available/"$(basename $template)".conf"
-done

docker/nginx/sites/server.template

@@ -1,16 +0,0 @@
-server {
-  listen 80 default_server;
-
-  location /api {
-    proxy_pass http://server:${SERVER_PROXY_PORT};
-  }
-
-  location / {
-    proxy_pass http://webapp;
-  }
-
-  location /.well-known/acme-challenge/ {
-    root /var/www/letsencrypt/;
-    log_not_found off;
-  }
-}

lerna.json

@@ -2,6 +2,7 @@
   "$schema": "node_modules/lerna/schemas/lerna-schema.json",
   "version": "independent",
   "npmClient": "pnpm",
-  "useWorkspaces": true,
-  "packages": ["packages/*"]
-}
+  "packages": [
+    "packages/*"
+  ]
+}

package.json

@@ -19,7 +19,8 @@
     "@faker-js/faker": "^8.0.2",
     "@playwright/test": "^1.32.3",
     "husky": "^8.0.3",
-    "lerna": "^6.4.1"
+    "lerna": "^8.1.2",
+    "pnpm": "^9.0.5"
   },
   "engines": {
     "node": "16.x || 17.x || 18.x"

packages/server/.gitignore

@@ -3,3 +3,6 @@
 stdout.log
 /dist
 /build
+/public/imports
+
+dist

packages/server/Dockerfile

@@ -78,6 +78,9 @@ ENV MAIL_HOST=$MAIL_HOST \
   SIGNUP_ALLOWED_DOMAINS=$SIGNUP_ALLOWED_DOMAINS \
   SIGNUP_ALLOWED_EMAILS=$SIGNUP_ALLOWED_EMAILS
 
+# New Relic config file.
+ENV NEW_RELIC_NO_CONFIG_FILE=true
+
 # Create app directory.
 WORKDIR /app
 
@@ -89,8 +92,8 @@ RUN npm install -g pnpm
 # Copy application dependency manifests to the container image.
 COPY ./package*.json ./
 COPY ./pnpm-lock.yaml ./pnpm-lock.yaml
-COPY ./pnpm-workspace.yaml ./pnpm-workspace.yaml
 COPY ./lerna.json ./lerna.json
+COPY ./pnpm-workspace.yaml ./pnpm-workspace.yaml
 COPY ./packages/server/package*.json ./packages/server/
 
 # Install application dependencies

packages/server/package.json

@@ -20,11 +20,17 @@
     "bigcapital": "./bin/bigcapital.js"
   },
   "dependencies": {
+    "@aws-sdk/client-s3": "^3.576.0",
+    "@aws-sdk/s3-request-presigner": "^3.583.0",
     "@casl/ability": "^5.4.3",
     "@hapi/boom": "^7.4.3",
+    "@lemonsqueezy/lemonsqueezy.js": "^2.2.0",
+    "@supercharge/promise-pool": "^3.2.0",
+    "@types/express": "^4.17.21",
     "@types/i18n": "^0.8.7",
     "@types/knex": "^0.16.1",
     "@types/mathjs": "^6.0.12",
+    "@types/yup": "^0.29.13",
     "accepts": "^1.3.7",
     "accounting": "^0.4.1",
     "agenda": "^4.2.1",
@@ -53,7 +59,6 @@
     "express": "^4.17.1",
     "express-basic-auth": "^1.2.0",
     "express-boom": "^3.0.0",
-    "express-fileupload": "^1.1.7-alpha.3",
     "express-oauth-server": "^2.0.0",
     "express-validator": "^6.12.2",
     "form-data": "^4.0.0",
@@ -64,22 +69,25 @@
     "is-my-json-valid": "^2.20.5",
     "js-money": "^0.6.3",
     "jsonwebtoken": "^8.5.1",
-    "knex": "^0.95.15",
+    "knex": "^3.1.0",
     "knex-cleaner": "^1.3.0",
-    "knex-db-manager": "^0.6.1",
     "libphonenumber-js": "^1.9.6",
     "lodash": "^4.17.15",
     "lru-cache": "^6.0.0",
     "mathjs": "^9.4.0",
     "memory-cache": "^0.2.0",
+    "mime-types": "^2.1.35",
     "moment": "^2.24.0",
     "moment-range": "^4.0.2",
     "moment-timezone": "^0.5.43",
     "mongodb": "^6.1.0",
     "mongoose": "^5.10.0",
+    "multer": "1.4.5-lts.1",
+    "multer-s3": "^3.0.1",
     "mustache": "^3.0.3",
     "mysql": "^2.17.1",
     "mysql2": "^1.6.5",
+    "newrelic": "^11.15.0",
     "node-cache": "^4.2.1",
     "nodemailer": "^6.3.0",
     "nodemon": "^1.19.1",
@@ -88,6 +96,7 @@
     "objection-filter": "^4.0.1",
     "objection-soft-delete": "^1.0.7",
     "objection-unique": "^1.2.2",
+    "plaid": "^10.3.0",
     "pluralize": "^8.0.0",
     "pug": "^3.0.2",
     "puppeteer": "^10.2.0",
@@ -96,6 +105,7 @@
     "rate-limiter-flexible": "^2.1.14",
     "reflect-metadata": "^0.1.13",
     "rtl-detect": "^1.0.4",
+    "socket.io": "^4.7.4",
     "source-map-loader": "^4.0.1",
     "tmp-promise": "^3.0.3",
     "ts-transformer-keys": "^0.4.2",
@@ -103,10 +113,12 @@
     "typedi": "^0.8.0",
     "uniqid": "^5.2.0",
     "winston": "^3.2.1",
-    "xlsx": "^0.18.5"
+    "xlsx": "^0.18.5",
+    "yup": "^0.28.1"
   },
   "devDependencies": {
     "@types/lodash": "^4.14.158",
+    "@types/multer": "^1.4.11",
     "@types/ramda": "^0.27.64",
     "@typescript-eslint/eslint-plugin": "^5.50.0",
     "@typescript-eslint/parser": "^5.50.0",

packages/server/resources/locales/ar.json

@@ -242,7 +242,7 @@
   "account.field.normal.credit": "دائن",
   "account.field.normal.debit": "مدين",
   "account.field.type": "نوع الحساب",
-  "account.field.active": "Activity",
+  "account.field.active": "Active",
   "account.field.balance": "الرصيد",
   "account.field.created_at": "أنشئت في",
   "item.field.type": "نوع الصنف",

packages/server/resources/locales/en.json

@@ -241,28 +241,32 @@
   "account.field.normal.credit": "Credit",
   "account.field.normal.debit": "Debit",
   "account.field.type": "Type",
-  "account.field.active": "Activity",
+  "account.field.active": "Active",
+  "account.field.currency": "Currency",
   "account.field.balance": "Balance",
+  "account.field.bank_balance": "Bank Balance",
+  "account.field.parent_account": "Parent Account",
   "account.field.created_at": "Created at",
-  "item.field.type": "Item type",
+  "item.field.type": "Item Type",
   "item.field.type.inventory": "Inventory",
   "item.field.type.service": "Service",
-  "item.field.type.non-inventory": "Non inventory",
-  "item.field.name": "Name",
-  "item.field.code": "Code",
+  "item.field.type.non-inventory": "Non Inventory",
+  "item.field.name": "Item Name",
+  "item.field.code": "Item Code",
   "item.field.sellable": "Sellable",
   "item.field.purchasable": "Purchasable",
-  "item.field.cost_price": "Cost price",
-  "item.field.cost_account": "Cost account",
-  "item.field.sell_account": "Sell account",
-  "item.field.sell_description": "Sell description",
-  "item.field.inventory_account": "Inventory account",
-  "item.field.purchase_description": "Purchase description",
-  "item.field.quantity_on_hand": "Quantity on hand",
+  "item.field.cost_price": "Cost Price",
+  "item.field.sell_price": "Sell Price",
+  "item.field.cost_account": "Cost Account",
+  "item.field.sell_account": "Sell Account",
+  "item.field.sell_description": "Sell Description",
+  "item.field.inventory_account": "Inventory Account",
+  "item.field.purchase_description": "Purchase Description",
+  "item.field.quantity_on_hand": "Quantity on Hand",
   "item.field.note": "Note",
   "item.field.category": "Category",
   "item.field.active": "Active",
-  "item.field.created_at": "Created at",
+  "item.field.created_at": "Created At",
   "item_category.field.name": "Name",
   "item_category.field.description": "Description",
   "item_category.field.count": "Count",
@@ -275,8 +279,14 @@
   "invoice.field.invoice_message": "Invoice message",
   "invoice.field.terms_conditions": "Terms & conditions",
   "invoice.field.amount": "Amount",
+  "invoice.field.exchange_rate": "Exchange Rate",
   "invoice.field.payment_amount": "Payment amount",
   "invoice.field.due_amount": "Due amount",
+  "invoice.field.delivered": "Delivered",
+  "invoice.field.item_name": "Item Name",
+  "invoice.field.rate": "Rate",
+  "invoice.field.quantity": "Quantity",
+  "invoice.field.description": "Description",
   "invoice.field.status": "Status",
   "invoice.field.status.paid": "Paid",
   "invoice.field.status.partially-paid": "Partially paid",
@@ -285,6 +295,8 @@
   "invoice.field.status.delivered": "Delivered",
   "invoice.field.status.draft": "Draft",
   "invoice.field.created_at": "Created at",
+  "invoice.field.currency": "Currency",
+  "invoice.field.entries": "Entries",
   "estimate.field.amount": "Amount",
   "estimate.field.estimate_number": "Estimate number",
   "estimate.field.customer": "Customer",
@@ -299,22 +311,31 @@
   "estimate.field.status.approved": "Approved",
   "estimate.field.status.draft": "Draft",
   "estimate.field.created_at": "Created at",
-  "payment_receive.field.customer": "Customer",
-  "payment_receive.field.payment_date": "Payment date",
   "payment_receive.field.amount": "Amount",
-  "payment_receive.field.reference_no": "Reference No.",
-  "payment_receive.field.deposit_account": "Deposit account",
   "payment_receive.field.payment_receive_no": "Payment receive No.",
   "payment_receive.field.statement": "Statement",
   "payment_receive.field.created_at": "Created at",
+  "payment_receive.field.customer": "Customer",
+  "payment_receive.field.exchange_rate": "Exchange Rate",
+  "payment_receive.field.payment_date": "Payment Date",
+  "payment_receive.field.reference_no": "Reference No.",
+  "payment_receive.field.deposit_account": "Deposit Account",
+  "payment_receive.field.entries": "Entries",
+  "payment_receive.field.invoice": "Invoice",
+  "payment_receive.field.entries.payment_amount": "Payment Amount",
   "bill_payment.field.vendor": "Vendor",
   "bill_payment.field.amount": "Amount",
-  "bill_payment.field.due_amount": "Due amount",
-  "bill_payment.field.payment_account": "Payment account",
-  "bill_payment.field.payment_number": "Payment number",
-  "bill_payment.field.payment_date": "Payment date",
+  "bill_payment.field.due_amount": "Due Amount",
+  "bill_payment.field.payment_account": "Payment Account",
+  "bill_payment.field.payment_number": "Payment No.",
+  "bill_payment.field.payment_date": "Payment Date",
   "bill_payment.field.reference_no": "Reference No.",
   "bill_payment.field.description": "Description",
+  "bill_payment.field.exchange_rate": "Exchange Rate",
+  "bill_payment.field.note": "Note",
+  "bill_payment.field.entries.bill": "Bill No.",
+  "bill_payment.field.entries.payment_amount": "Payment Amount",
+  "bill_payment.field.reference": "Reference No.",
   "bill_payment.field.created_at": "Created at",
   "bill.field.vendor": "Vendor",
   "bill.field.bill_number": "Bill number",
@@ -342,22 +363,30 @@
   "inventory_adjustment.field.description": "Description",
   "inventory_adjustment.field.published_at": "Published at",
   "inventory_adjustment.field.created_at": "Created at",
-  "expense.field.payment_date": "Payment date",
-  "expense.field.payment_account": "Payment account",
+  "expense.field.payment_date": "Payment Date",
+  "expense.field.payment_account": "Payment Account",
   "expense.field.amount": "Amount",
+  "expense.field.currency_code": "Currency",
+  "expense.field.exchange_rate": "Exchange Rate", 
   "expense.field.reference_no": "Reference No.",
   "expense.field.description": "Description",
+  "expense.field.line_description": "Line Description",
   "expense.field.published": "Published",
+  "expense.field.categories": "Categories",
+  "expense.field.expense_account": "Expense Account",
+  "expense.field.publish": "Publish",
   "expense.field.status": "Status",
   "expense.field.status.draft": "Draft",
   "expense.field.status.published": "Published",
   "expense.field.created_at": "Created at",
   "manual_journal.field.date": "Date",
-  "manual_journal.field.journal_number": "Journal number",
+  "manual_journal.field.journal_number": "Journal No.",
   "manual_journal.field.reference": "Reference No.",
-  "manual_journal.field.journal_type": "Journal type",
+  "manual_journal.field.journal_type": "Journal Type",
   "manual_journal.field.amount": "Amount",
   "manual_journal.field.description": "Description",
+  "manual_journal.field.currency": "Currency",
+  "manual_journal.field.exchange_rate": "Exchange Rate",
   "manual_journal.field.status": "Status",
   "manual_journal.field.created_at": "Created at",
   "receipt.field.amount": "Amount",
@@ -376,8 +405,8 @@
   "customer.field.last_name": "Last name",
   "customer.field.display_name": "Display name",
   "customer.field.email": "Email",
-  "customer.field.work_phone": "Work phone",
-  "customer.field.personal_phone": "Personal phone",
+  "customer.field.work_phone": "Work Phone Number",
+  "customer.field.personal_phone": "Personal Phone Number",
   "customer.field.company_name": "Company name",
   "customer.field.website": "Website",
   "customer.field.opening_balance_at": "Opening balance at",
@@ -385,7 +414,7 @@
   "customer.field.created_at": "Created at",
   "customer.field.balance": "Balance",
   "customer.field.status": "Status",
-  "customer.field.currency": "Curreny",
+  "customer.field.currency": "Currency",
   "customer.field.status.active": "Active",
   "customer.field.status.inactive": "Inactive",
   "customer.field.status.overdue": "Overdue",
@@ -394,8 +423,8 @@
   "vendor.field.last_name": "Last name",
   "vendor.field.display_name": "Display name",
   "vendor.field.email": "Email",
-  "vendor.field.work_phone": "Work phone",
-  "vendor.field.personal_phone": "Personal phone",
+  "vendor.field.work_phone": "Work Phone Number",
+  "vendor.field.personal_phone": "Personal Phone Number",
   "vendor.field.company_name": "Company name",
   "vendor.field.website": "Website",
   "vendor.field.opening_balance_at": "Opening balance at",
@@ -403,13 +432,16 @@
   "vendor.field.created_at": "Created at",
   "vendor.field.balance": "Balance",
   "vendor.field.status": "Status",
-  "vendor.field.currency": "Curreny",
+  "vendor.field.note": "Note",
+  "vendor.field.currency": "Currency",
   "vendor.field.status.active": "Active",
   "vendor.field.status.inactive": "Inactive",
   "vendor.field.status.overdue": "Overdue",
   "vendor.field.status.unpaid": "Unpaid",
   "Invoice write-off": "Invoice write-off",
 
+  
+
   "transaction_type.credit_note": "Credit note",
   "transaction_type.refund_credit_note": "Refund credit note",
   "transaction_type.vendor_credit": "Vendor credit",

packages/server/resources/scss/modules/export-resource-table.scss

@@ -0,0 +1,38 @@
+@import "../base.scss";
+
+body {
+  font-family: system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue","Noto Sans","Liberation Sans",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";
+  font-size: 12px;
+  line-height: 1.4;
+  margin: 0;
+}
+.sheet__title{
+  margin-bottom: 18px;
+}
+.sheet__title h2{
+  line-height: 1;
+  margin-top: 0;
+  margin-bottom: 10px;
+  font-size: 16px;
+}
+.sheet__table {
+  font-size: inherit;
+  line-height: inherit;
+  width: 100%;
+}
+.sheet__table {
+  table-layout: auto;
+  border-collapse: collapse;  
+  width: 100%;
+}
+.sheet__table thead tr th {
+  border-top: 1px solid #000;
+  border-bottom: 1px solid #000;
+  background: #fff;
+  padding: 8px;
+  line-height: 1.2;
+}
+.sheet__table tbody tr td {
+  padding: 4px 8px;
+  border-bottom: 1px solid #CCC;    
+}

packages/server/resources/scss/modules/financial-sheet.scss

@@ -0,0 +1,57 @@
+@import "../base.scss";
+
+html,
+body {
+  font-size: 14px;
+}
+body{
+  font-weight: 400;
+  letter-spacing: 0;
+  line-height: 1.28581;
+  text-transform: none;
+  color: #000;
+  font-family: Segoe UI, Roboto, Oxygen, Ubuntu, Cantarell, Open Sans, Helvetica Neue, Icons16, sans-serif;
+}
+.sheet{
+  padding: 20px;
+}
+.sheet__company-name{
+  margin: 0;
+  font-size: 1.4rem;
+}
+.sheet__sheet-type {
+  margin: 0
+}
+.sheet__sheet-date {
+  margin-top: 0.35rem;
+}
+
+.sheet__header {
+  text-align: center;
+  margin-bottom: 1rem;
+}
+
+.sheet__table {
+  border-top: 1px solid #000;
+  table-layout: fixed;
+  border-spacing: 0;
+  text-align: left;
+  font-size: inherit;
+  width: 100%;
+}
+
+.sheet__table thead th {
+  color: #000;
+  border-bottom: 1px solid #000000;
+  padding: 0.5rem;
+}
+
+.sheet__table tbody td {
+  border-bottom: 0;
+  padding-top: 0.28rem;
+  padding-bottom: 0.28rem;
+  padding-left: 0.5rem;
+  padding-right: 0.5rem;
+  color: #252A31;
+  border-bottom: 1px solid transparent;
+}

packages/server/resources/views/modules/export-resource-table.pug

@@ -0,0 +1,24 @@
+block head
+  style 
+    include ../../css/modules/export-resource-table.css
+
+style.
+  !{customCSS}
+
+block content 
+  .sheet
+    .sheet__title 
+      h2.sheetTitle= sheetTitle
+      p.sheetDesc= sheetDescription
+
+    table.sheet__table
+      thead
+        tr
+          each column in table.columns
+            th(style=column.style class='column--' + column.key)= column.name
+      tbody
+        each row in table.rows
+          tr(class=row.classNames)
+            each cell in row.cells 
+              td(class='cell--' + cell.key)
+                span!= cell.value

packages/server/resources/views/modules/financial-sheet.pug

@@ -0,0 +1,25 @@
+block head
+  style 
+    include ../../css/modules/financial-sheet.css
+
+style.
+  !{customCSS}
+
+block content 
+  .sheet 
+    .sheet__header 
+      .sheet__company-name=organizationName
+      .sheet__sheet-type=sheetName
+      .sheet__sheet-date=sheetDate
+
+    table.sheet__table
+      thead
+        tr
+          each column in table.columns
+            th(style=column.style class='column--' + column.key)= column.label
+      tbody
+        each row in table.rows
+          tr(class=row.classNames)
+            each cell in row.cells 
+              td(class='cell--' + cell.key)
+                span!= cell.value

packages/server/scripts/gulpConfig.js

@@ -66,12 +66,14 @@ module.exports = {
         // sourcemaps: true, // Allow to enable/disable sourcemaps or pass object to configure it.
         // minify: true, // Allow to enable/disable minify the source.
       },
-    //   {
-    //     src: './assets/sass/editor-style.scss',
-    //     dest: './assets/css',
-    //     sourcemaps: true,
-    //     minify: true,
-    //   },
+      {
+        src: `${RESOURCES_PATH}/scss/modules/financial-sheet.scss`,
+        dest: `${RESOURCES_PATH}/css/modules`,
+      },
+      {
+        src: `${RESOURCES_PATH}/scss/modules/export-resource-table.scss`,
+        dest: `${RESOURCES_PATH}/css/modules`,
+      },
     ],
     // RTL builds.
     rtl: [
@@ -114,7 +116,7 @@ module.exports = {
     // SASS Configuration for all builds.
     sass: {
       errLogToConsole: true,
-    //   outputStyle: 'compact',
+      //   outputStyle: 'compact',
     },
 
     // CSS MQ Packer configuration for all builds and style tasks.

packages/server/src/api/controllers/Accounts.ts

@@ -27,7 +27,7 @@ export default class AccountsController extends BaseController {
   /**
    * Router constructor method.
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.get(
@@ -98,29 +98,25 @@ export default class AccountsController extends BaseController {
   /**
    * Create account DTO Schema validation.
    */
-  get createAccountDTOSchema() {
+  private get createAccountDTOSchema() {
     return [
       check('name')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('code')
         .optional({ nullable: true })
         .isLength({ min: 3, max: 6 })
-        .trim()
-        .escape(),
+        .trim(),
       check('currency_code').optional(),
       check('account_type')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ max: DATATYPES_LENGTH.TEXT })
-        .trim()
-        .escape(),
+        .trim(),
       check('parent_account_id')
         .optional({ nullable: true })
         .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })
@@ -131,28 +127,24 @@ export default class AccountsController extends BaseController {
   /**
    * Account DTO Schema validation.
    */
-  get editAccountDTOSchema() {
+  private get editAccountDTOSchema() {
     return [
       check('name')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('code')
         .optional({ nullable: true })
         .isLength({ min: 3, max: 6 })
-        .trim()
-        .escape(),
+        .trim(),
       check('account_type')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ max: DATATYPES_LENGTH.TEXT })
-        .trim()
-        .escape(),
+        .trim(),
       check('parent_account_id')
         .optional({ nullable: true })
         .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })
@@ -160,14 +152,14 @@ export default class AccountsController extends BaseController {
     ];
   }
 
-  get accountParamSchema() {
+  private get accountParamSchema() {
     return [param('id').exists().isNumeric().toInt()];
   }
 
   /**
    * Accounts list validation schema.
    */
-  get accountsListSchema() {
+  private get accountsListSchema() {
     return [
       query('view_slug').optional({ nullable: true }).isString().trim(),
       query('stringified_filter_roles').optional().isJSON(),
@@ -207,7 +199,6 @@ export default class AccountsController extends BaseController {
         tenantId,
         accountDTO
       );
-
       return res.status(200).send({
         id: account.id,
         message: 'The account has been created successfully.',

packages/server/src/api/controllers/Attachments/AttachmentsController.ts

@@ -0,0 +1,266 @@
+import mime from 'mime-types';
+import { Service, Inject } from 'typedi';
+import { Router, Response, NextFunction, Request } from 'express';
+import { body, param } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { AttachmentsApplication } from '@/services/Attachments/AttachmentsApplication';
+import { AttachmentUploadPipeline } from '@/services/Attachments/S3UploadPipeline';
+
+@Service()
+export class AttachmentsController extends BaseController {
+  @Inject()
+  private attachmentsApplication: AttachmentsApplication;
+
+  @Inject()
+  private uploadPipelineService: AttachmentUploadPipeline;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/',
+      this.uploadPipelineService.validateS3Configured,
+      this.uploadPipelineService.uploadPipeline().single('file'),
+      this.validateUploadedFileExistance,
+      this.uploadAttachment.bind(this)
+    );
+    router.delete(
+      '/:id',
+      [param('id').exists()],
+      this.validationResult,
+      this.deleteAttachment.bind(this)
+    );
+    router.get(
+      '/:id',
+      [param('id').exists()],
+      this.validationResult,
+      this.getAttachment.bind(this)
+    );
+    router.post(
+      '/:id/link',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult
+    );
+    router.post(
+      '/:id/link',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult,
+      this.linkDocument.bind(this)
+    );
+    router.post(
+      '/:id/unlink',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult,
+      this.unlinkDocument.bind(this)
+    );
+    router.get(
+      '/:id/presigned-url',
+      [param('id').exists()],
+      this.validationResult,
+      this.getAttachmentPresignedUrl.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Validates the upload file existance.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
+   */
+  private validateUploadedFileExistance(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    if (!req.file) {
+      return res.boom.badRequest(null, {
+        errorType: 'FILE_UPLOAD_FAILED',
+        message: 'Now file uploaded.',
+      });
+    }
+    next();
+  }
+
+  /**
+   * Uploads the attachments to S3 and store the file metadata to DB.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
+   */
+  private async uploadAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const file = req.file;
+
+    try {
+      const data = await this.attachmentsApplication.upload(tenantId, file);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has uploaded successfully.',
+        data,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the given attachment key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async getAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id } = req.params;
+
+    try {
+      const data = await this.attachmentsApplication.get(tenantId, id);
+
+      const byte = await data.Body.transformToByteArray();
+      const extension = mime.extension(data.ContentType);
+      const buffer = Buffer.from(byte);
+
+      res.set(
+        'Content-Disposition',
+        `filename="${req.params.id}.${extension}"`
+      );
+      res.set('Content-Type', data.ContentType);
+      res.send(buffer);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Deletes the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async deleteAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+
+    try {
+      await this.attachmentsApplication.delete(tenantId, documentId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been delete successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Links the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async linkDocument(
+    req: Request,
+    res: Response,
+    next: Function
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+    const { modelRef, modelId } = this.matchedBodyData(req);
+
+    try {
+      await this.attachmentsApplication.link(
+        tenantId,
+        documentId,
+        modelRef,
+        modelId
+      );
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been linked successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Links the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async unlinkDocument(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+    const { modelRef, modelId } = this.matchedBodyData(req);
+
+    try {
+      await this.attachmentsApplication.link(
+        tenantId,
+        documentId,
+        modelRef,
+        modelId
+      );
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been linked successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retreives the presigned url of the given attachment key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async getAttachmentPresignedUrl(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentKey } = req.params;
+
+    try {
+      const presignedUrl = await this.attachmentsApplication.getPresignedUrl(
+        tenantId,
+        documentKey
+      );
+      return res.status(200).send({ presignedUrl });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Authentication.ts

@@ -9,6 +9,8 @@ import { DATATYPES_LENGTH } from '@/data/DataTypes';
 import LoginThrottlerMiddleware from '@/api/middleware/LoginThrottlerMiddleware';
 import AuthenticationApplication from '@/services/Authentication/AuthApplication';
 
+import JWTAuth from '@/api/middleware/jwtAuth';
+import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
 @Service()
 export default class AuthenticationController extends BaseController {
   @Inject()
@@ -28,6 +30,20 @@ export default class AuthenticationController extends BaseController {
       asyncMiddleware(this.login.bind(this)),
       this.handlerErrors
     );
+    router.use('/register/verify/resend', JWTAuth);
+    router.use('/register/verify/resend', AttachCurrentTenantUser);
+    router.post(
+      '/register/verify/resend',
+      asyncMiddleware(this.registerVerifyResendMail.bind(this)),
+      this.handlerErrors
+    );
+    router.post(
+      '/register/verify',
+      this.signupVerifySchema,
+      this.validationResult,
+      asyncMiddleware(this.registerVerify.bind(this)),
+      this.handlerErrors
+    );
     router.post(
       '/register',
       this.registerSchema,
@@ -74,31 +90,38 @@ export default class AuthenticationController extends BaseController {
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('last_name')
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('email')
         .exists()
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('password')
         .exists()
         .isString()
         .isLength({ min: 6 })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
     ];
   }
 
+  private get signupVerifySchema(): ValidationChain[] {
+    return [
+      check('email')
+        .exists()
+        .isString()
+        .isEmail()
+        .isLength({ max: DATATYPES_LENGTH.STRING }),
+      check('token').exists().isString(),
+    ];
+  }
+
   /**
    * Reset password schema.
    * @returns {ValidationChain[]}
@@ -123,7 +146,7 @@ export default class AuthenticationController extends BaseController {
    * @returns {ValidationChain[]}
    */
   private get sendResetPasswordSchema(): ValidationChain[] {
-    return [check('email').exists().isEmail().trim().escape()];
+    return [check('email').exists().isEmail().trim()];
   }
 
   /**
@@ -131,7 +154,11 @@ export default class AuthenticationController extends BaseController {
    * @param {Request} req
    * @param {Response} res
    */
-  private async login(req: Request, res: Response, next: Function): Response {
+  private async login(
+    req: Request,
+    res: Response,
+    next: Function
+  ): Promise<Response | null> {
     const userDTO: ILoginDTO = this.matchedBodyData(req);
 
     try {
@@ -166,6 +193,58 @@ export default class AuthenticationController extends BaseController {
     }
   }
 
+  /**
+   * Verifies the provider user's email after signin-up.
+   * @param {Request} req
+   * @param {Response}| res
+   * @param {Function} next
+   * @returns {Response|void}
+   */
+  private async registerVerify(req: Request, res: Response, next: Function) {
+    const signUpVerifyDTO: { email: string; token: string } =
+      this.matchedBodyData(req);
+
+    try {
+      const user = await this.authApplication.signUpConfirm(
+        signUpVerifyDTO.email,
+        signUpVerifyDTO.token
+      );
+      return res.status(200).send({
+        type: 'success',
+        message: 'The given user has verified successfully',
+        user,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resends the confirmation email to the user.
+   * @param {Request} req
+   * @param {Response}| res
+   * @param {Function} next
+   */
+  private async registerVerifyResendMail(
+    req: Request,
+    res: Response,
+    next: Function
+  ) {
+    const { user } = req;
+
+    try {
+      const data = await this.authApplication.signUpConfirmResend(user.id);
+
+      return res.status(200).send({
+        type: 'success',
+        message: 'The given user has verified successfully',
+        data,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Send reset password handler
    * @param {Request} req

packages/server/src/api/controllers/Banking/BankAccountsController.ts

@@ -0,0 +1,218 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { param, query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { GetBankAccountSummary } from '@/services/Banking/BankAccounts/GetBankAccountSummary';
+import { BankAccountsApplication } from '@/services/Banking/BankAccounts/BankAccountsApplication';
+import { GetPendingBankAccountTransactions } from '@/services/Cashflow/GetPendingBankAccountTransaction';
+
+@Service()
+export class BankAccountsController extends BaseController {
+  @Inject()
+  private getBankAccountSummaryService: GetBankAccountSummary;
+
+  @Inject()
+  private bankAccountsApp: BankAccountsApplication;
+
+  @Inject()
+  private getPendingTransactionsService: GetPendingBankAccountTransactions;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get('/:bankAccountId/meta', this.getBankAccountSummary.bind(this));
+    router.get(
+      '/pending_transactions',
+      [
+        query('account_id').optional().isNumeric().toInt(),
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getBankAccountsPendingTransactions.bind(this)
+    );
+    router.post(
+      '/:bankAccountId/disconnect',
+      this.disconnectBankAccount.bind(this)
+    );
+    router.post('/:bankAccountId/update', this.refreshBankAccount.bind(this));
+    router.post(
+      '/:bankAccountId/pause_feeds',
+      [param('bankAccountId').exists().isNumeric().toInt()],
+      this.validationResult,
+      this.pauseBankAccountFeeds.bind(this)
+    );
+    router.post(
+      '/:bankAccountId/resume_feeds',
+      [param('bankAccountId').exists().isNumeric().toInt()],
+      this.validationResult,
+      this.resumeBankAccountFeeds.bind(this)
+    );
+
+    return router;
+  }
+
+  /**
+   * Retrieves the bank account meta summary.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getBankAccountSummary(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      const data =
+        await this.getBankAccountSummaryService.getBankAccountSummary(
+          tenantId,
+          bankAccountId
+        );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the bank account pending transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  async getBankAccountsPendingTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const data =
+        await this.getPendingTransactionsService.getPendingTransactions(
+          tenantId,
+          query
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Disonnect the given bank account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async disconnectBankAccount(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.disconnectBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        id: bankAccountId,
+        message: 'The bank account has been disconnected.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Refresh the given bank account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async refreshBankAccount(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.refreshBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        id: bankAccountId,
+        message: 'The bank account has been disconnected.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resumes the bank account feeds sync.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | void>}
+   */
+  async resumeBankAccountFeeds(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.resumeBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        message: 'The bank account feeds syncing has been resumed.',
+        id: bankAccountId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Pauses the bank account feeds sync.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | void>}
+   */
+  async pauseBankAccountFeeds(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.pauseBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        message: 'The bank account feeds syncing has been paused.',
+        id: bankAccountId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankTransactionsMatchingController.ts

@@ -0,0 +1,101 @@
+import { Inject, Service } from 'typedi';
+import { body, param } from 'express-validator';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { MatchBankTransactionsApplication } from '@/services/Banking/Matching/MatchBankTransactionsApplication';
+
+@Service()
+export class BankTransactionsMatchingController extends BaseController {
+  @Inject()
+  private bankTransactionsMatchingApp: MatchBankTransactionsApplication;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/unmatch/:transactionId',
+      [param('transactionId').exists()],
+      this.validationResult,
+      this.unmatchMatchedBankTransaction.bind(this)
+    );
+    router.post(
+      '/match',
+      [
+        body('uncategorizedTransactions').exists().isArray({ min: 1 }),
+        body('uncategorizedTransactions.*').isNumeric().toInt(),
+
+        body('matchedTransactions').isArray({ min: 1 }),
+        body('matchedTransactions.*.reference_type').exists(),
+        body('matchedTransactions.*.reference_id').isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.matchBankTransaction.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Matches the given bank transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async matchBankTransaction(
+    req: Request<{ transactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | null> {
+    const { tenantId } = req;
+    const bodyData = this.matchedBodyData(req);
+
+    const uncategorizedTransactions = bodyData?.uncategorizedTransactions;
+    const matchedTransactions = bodyData?.matchedTransactions;
+
+    try {
+      await this.bankTransactionsMatchingApp.matchTransaction(
+        tenantId,
+        uncategorizedTransactions,
+        matchedTransactions
+      );
+      return res.status(200).send({
+        ids: uncategorizedTransactions,
+        message: 'The bank transaction has been matched.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Unmatches the matched bank transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async unmatchMatchedBankTransaction(
+    req: Request<{ transactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.bankTransactionsMatchingApp.unmatchMatchedTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        id: transactionId,
+        message: 'The bank matched transaction has been unmatched.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankingController.ts

@@ -0,0 +1,39 @@
+import Container, { Inject, Service } from 'typedi';
+import { Router } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { PlaidBankingController } from './PlaidBankingController';
+import { BankingRulesController } from './BankingRulesController';
+import { BankTransactionsMatchingController } from './BankTransactionsMatchingController';
+import { RecognizedTransactionsController } from './RecognizedTransactionsController';
+import { BankAccountsController } from './BankAccountsController';
+import { BankingUncategorizedController } from './BankingUncategorizedController';
+
+@Service()
+export class BankingController extends BaseController {
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.use('/plaid', Container.get(PlaidBankingController).router());
+    router.use('/rules', Container.get(BankingRulesController).router());
+    router.use(
+      '/matches',
+      Container.get(BankTransactionsMatchingController).router()
+    );
+    router.use(
+      '/recognized',
+      Container.get(RecognizedTransactionsController).router()
+    );
+    router.use(
+      '/bank_accounts',
+      Container.get(BankAccountsController).router()
+    );
+    router.use(
+      '/categorize',
+      Container.get(BankingUncategorizedController).router()
+    );
+    return router;
+  }
+}

packages/server/src/api/controllers/Banking/BankingRulesController.ts

@@ -0,0 +1,214 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { BankRulesApplication } from '@/services/Banking/Rules/BankRulesApplication';
+import { body, param } from 'express-validator';
+import {
+  ICreateBankRuleDTO,
+  IEditBankRuleDTO,
+} from '@/services/Banking/Rules/types';
+
+@Service()
+export class BankingRulesController extends BaseController {
+  @Inject()
+  private bankRulesApplication: BankRulesApplication;
+
+  /**
+   * Bank rule DTO validation schema.
+   */
+  private get bankRuleValidationSchema() {
+    return [
+      body('name').isString().exists(),
+      body('order').isInt({ min: 0 }),
+
+      // Apply to if transaction is.
+      body('apply_if_account_id')
+        .isInt({ min: 0 })
+        .optional({ nullable: true }),
+      body('apply_if_transaction_type').isIn(['deposit', 'withdrawal']),
+
+      // Conditions
+      body('conditions_type').isString().isIn(['and', 'or']).default('and'),
+      body('conditions').isArray({ min: 1 }),
+      body('conditions.*.field').exists().isIn(['description', 'amount']),
+      body('conditions.*.comparator')
+        .exists()
+        .isIn([
+          'equals',
+          'equal',
+          'contains',
+          'not_contain',
+          'bigger',
+          'bigger_or_equal',
+          'smaller',
+          'smaller_or_equal',
+        ])
+        .default('contain')
+        .trim(),
+      body('conditions.*.value').exists().trim(),
+
+      // Assign
+      body('assign_category').isString(),
+      body('assign_account_id').isInt({ min: 0 }),
+      body('assign_payee').isString().optional({ nullable: true }),
+      body('assign_memo').isString().optional({ nullable: true }),
+    ];
+  }
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/',
+      [...this.bankRuleValidationSchema],
+      this.validationResult,
+      this.createBankRule.bind(this)
+    );
+    router.post(
+      '/:id',
+      [param('id').toInt().exists(), ...this.bankRuleValidationSchema],
+      this.validationResult,
+      this.editBankRule.bind(this)
+    );
+    router.delete(
+      '/:id',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.deleteBankRule.bind(this)
+    );
+    router.get(
+      '/:id',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.getBankRule.bind(this)
+    );
+    router.get(
+      '/',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.getBankRules.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Creates a new bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async createBankRule(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const createBankRuleDTO = this.matchedBodyData(req) as ICreateBankRuleDTO;
+
+    try {
+      const bankRule = await this.bankRulesApplication.createBankRule(
+        tenantId,
+        createBankRuleDTO
+      );
+      return res.status(200).send({
+        id: bankRule.id,
+        message: 'The bank rule has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Edits the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async editBankRule(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { id: ruleId } = req.params;
+    const editBankRuleDTO = this.matchedBodyData(req) as IEditBankRuleDTO;
+
+    try {
+      await this.bankRulesApplication.editBankRule(
+        tenantId,
+        ruleId,
+        editBankRuleDTO
+      );
+      return res.status(200).send({
+        id: ruleId,
+        message: 'The bank rule has been updated successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Deletes the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async deleteBankRule(
+    req: Request<{ id: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { id: ruleId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankRulesApplication.deleteBankRule(tenantId, ruleId);
+
+      return res
+        .status(200)
+        .send({ message: 'The bank rule has been deleted.', id: ruleId });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieve the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getBankRule(req: Request, res: Response, next: NextFunction) {
+    const { id: ruleId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      const bankRule = await this.bankRulesApplication.getBankRule(
+        tenantId,
+        ruleId
+      );
+
+      return res.status(200).send({ bankRule });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the bank rules.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getBankRules(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+
+    try {
+      const bankRules = await this.bankRulesApplication.getBankRules(tenantId);
+      return res.status(200).send({ bankRules });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankingUncategorizedController.ts

@@ -0,0 +1,57 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { query } from 'express-validator';
+import BaseController from '../BaseController';
+import { GetAutofillCategorizeTransaction } from '@/services/Banking/RegonizeTranasctions/GetAutofillCategorizeTransaction';
+
+@Service()
+export class BankingUncategorizedController extends BaseController {
+  @Inject()
+  private getAutofillCategorizeTransactionService: GetAutofillCategorizeTransaction;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get(
+      '/autofill',
+      [
+        query('uncategorizedTransactionIds').isArray({ min: 1 }),
+        query('uncategorizedTransactionIds.*').isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getAutofillCategorizeTransaction.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Retrieves the autofill values of the categorize form of the given
+   * uncategorized transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  public async getAutofillCategorizeTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const uncategorizedTransactionIds = req.query.uncategorizedTransactionIds;
+
+    try {
+      const data =
+        await this.getAutofillCategorizeTransactionService.getAutofillCategorizeTransaction(
+          tenantId,
+          uncategorizedTransactionIds
+        );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/ExcludeBankTransactionsController.ts

@@ -0,0 +1,201 @@
+import { Inject, Service } from 'typedi';
+import { body, param, query } from 'express-validator';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '../BaseController';
+import { ExcludeBankTransactionsApplication } from '@/services/Banking/Exclude/ExcludeBankTransactionsApplication';
+import { map, parseInt, trim } from 'lodash';
+
+@Service()
+export class ExcludeBankTransactionsController extends BaseController {
+  @Inject()
+  private excludeBankTransactionApp: ExcludeBankTransactionsApplication;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.put(
+      '/transactions/exclude',
+      [body('ids').exists()],
+      this.validationResult,
+      this.excludeBulkBankTransactions.bind(this)
+    );
+    router.put(
+      '/transactions/unexclude',
+      [body('ids').exists()],
+      this.validationResult,
+      this.unexcludeBulkBankTransactins.bind(this)
+    );
+    router.put(
+      '/transactions/:transactionId/exclude',
+      [param('transactionId').exists().toInt()],
+      this.validationResult,
+      this.excludeBankTransaction.bind(this)
+    );
+    router.put(
+      '/transactions/:transactionId/unexclude',
+      [param('transactionId').exists()],
+      this.validationResult,
+      this.unexcludeBankTransaction.bind(this)
+    );
+    router.get(
+      '/excluded',
+      [
+        query('account_id').optional().isNumeric().toInt(),
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+        query('min_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('max_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('min_amount').optional({ nullable: true }).isFloat().toFloat(),
+        query('max_amount').optional({ nullable: true }).isFloat().toFloat(),
+      ],
+      this.validationResult,
+      this.getExcludedBankTransactions.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Marks a bank transaction as excluded.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns
+   */
+  private async excludeBankTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.excludeBankTransactionApp.excludeBankTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        message: 'The bank transaction has been excluded.',
+        id: transactionId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Marks a bank transaction as not excluded.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async unexcludeBankTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.excludeBankTransactionApp.unexcludeBankTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        message: 'The bank transaction has been unexcluded.',
+        id: transactionId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Exclude bank transactions in bulk.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async excludeBulkBankTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { ids } = this.matchedBodyData(req);
+
+    try {
+      await this.excludeBankTransactionApp.excludeBankTransactions(
+        tenantId,
+        ids
+      );
+      return res.status(200).send({
+        message: 'The given bank transactions have been excluded',
+        ids,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Unexclude the given bank transactions in bulk.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  private async unexcludeBulkBankTransactins(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | null> {
+    const { tenantId } = req;
+    const { ids } = this.matchedBodyData(req);
+
+    try {
+      await this.excludeBankTransactionApp.unexcludeBankTransactions(
+        tenantId,
+        ids
+      );
+      return res.status(200).send({
+        message: 'The given bank transactions have been excluded',
+        ids,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the excluded uncategorized bank transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async getExcludedBankTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const filter = this.matchedQueryData(req);
+
+    try {
+      const data =
+        await this.excludeBankTransactionApp.getExcludedBankTransactions(
+          tenantId,
+          filter
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/PlaidBankingController.ts

@@ -0,0 +1,53 @@
+import { Inject, Service } from 'typedi';
+import { Router, Request, Response } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { PlaidApplication } from '@/services/Banking/Plaid/PlaidApplication';
+
+@Service()
+export class PlaidBankingController extends BaseController {
+  @Inject()
+  private plaidApp: PlaidApplication;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.post('/link-token', this.linkToken.bind(this));
+    router.post('/exchange-token', this.exchangeToken.bind(this));
+
+    return router;
+  }
+
+  /**
+   * Retrieves the Plaid link token.
+   * @param {Request} req
+   * @param {response} res
+   * @returns {Response}
+   */
+  private async linkToken(req: Request, res: Response) {
+    const { tenantId } = req;
+
+    const linkToken = await this.plaidApp.getLinkToken(tenantId);
+
+    return res.status(200).send(linkToken);
+  }
+
+  /**
+   * Exchanges the given public token.
+   * @param {Request} req
+   * @param {response} res
+   * @returns {Response}
+   */
+  public async exchangeToken(req: Request, res: Response) {
+    const { tenantId } = req;
+    const { public_token, institution_id } = req.body;
+
+    await this.plaidApp.exchangeToken(tenantId, {
+      institutionId: institution_id,
+      publicToken: public_token,
+    });
+    return res.status(200).send({});
+  }
+}

packages/server/src/api/controllers/Banking/RecognizedTransactionsController.ts

@@ -0,0 +1,91 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
+
+@Service()
+export class RecognizedTransactionsController extends BaseController {
+  @Inject()
+  private cashflowApplication: CashflowApplication;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get(
+      '/',
+      [
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+        query('account_id').optional().isNumeric().toInt(),
+        query('min_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('max_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('min_amount').optional({ nullable: true }).isFloat().toFloat(),
+        query('max_amount').optional({ nullable: true }).isFloat().isFloat(),
+      ],
+      this.validationResult,
+      this.getRecognizedTransactions.bind(this)
+    );
+    router.get(
+      '/transactions/:uncategorizedTransactionId',
+      this.getRecognizedTransaction.bind(this)
+    );
+
+    return router;
+  }
+
+  /**
+   * Retrieves the recognized bank transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getRecognizedTransactions(
+    req: Request<{ accountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const filter = this.matchedQueryData(req);
+    const { tenantId } = req;
+
+    try {
+      const data = await this.cashflowApplication.getRecognizedTransactions(
+        tenantId,
+        filter
+      );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the recognized transaction of the ginen uncategorized transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getRecognizedTransaction(
+    req: Request<{ uncategorizedTransactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { uncategorizedTransactionId } = req.params;
+
+    try {
+      const data = await this.cashflowApplication.getRecognizedTransaction(
+        tenantId,
+        uncategorizedTransactionId
+      );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Cashflow/CashflowController.ts

@@ -4,6 +4,7 @@ import CommandCashflowTransaction from './NewCashflowTransaction';
 import DeleteCashflowTransaction from './DeleteCashflowTransaction';
 import GetCashflowTransaction from './GetCashflowTransaction';
 import GetCashflowAccounts from './GetCashflowAccounts';
+import { ExcludeBankTransactionsController } from '../Banking/ExcludeBankTransactionsController';
 
 @Service()
 export default class CashflowController {
@@ -13,9 +14,10 @@ export default class CashflowController {
   router() {
     const router = Router();
 
+    router.use(Container.get(CommandCashflowTransaction).router());
+    router.use(Container.get(ExcludeBankTransactionsController).router());
     router.use(Container.get(GetCashflowTransaction).router());
     router.use(Container.get(GetCashflowAccounts).router());
-    router.use(Container.get(CommandCashflowTransaction).router());
     router.use(Container.get(DeleteCashflowTransaction).router());
 
     return router;

packages/server/src/api/controllers/Cashflow/DeleteCashflowTransaction.ts

@@ -3,14 +3,15 @@ import { Router, Request, Response, NextFunction } from 'express';
 import { param } from 'express-validator';
 import BaseController from '../BaseController';
 import { ServiceError } from '@/exceptions';
-import DeleteCashflowTransactionService from '../../../services/Cashflow/DeleteCashflowTransactionService';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
+
 import { AbilitySubject, CashflowAction } from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
 
 @Service()
-export default class DeleteCashflowTransaction extends BaseController {
+export default class DeleteCashflowTransactionController extends BaseController {
   @Inject()
-  deleteCashflowService: DeleteCashflowTransactionService;
+  private cashflowApplication: CashflowApplication;
 
   /**
    * Controller router.
@@ -44,7 +45,7 @@ export default class DeleteCashflowTransaction extends BaseController {
 
     try {
       const { oldCashflowTransaction } =
-        await this.deleteCashflowService.deleteCashflowTransaction(
+        await this.cashflowApplication.deleteTransaction(
           tenantId,
           transactionId
         );
@@ -92,6 +93,19 @@ export default class DeleteCashflowTransaction extends BaseController {
           ],
         });
       }
+      if (
+        error.errorType ===
+        'CANNOT_DELETE_TRANSACTION_CONVERTED_FROM_UNCATEGORIZED'
+      ) {
+        return res.boom.badRequest(null, {
+          errors: [
+            {
+              type: 'CANNOT_DELETE_TRANSACTION_CONVERTED_FROM_UNCATEGORIZED',
+              code: 4100,
+            },
+          ],
+        });
+      }
     }
     next(error);
   }

packages/server/src/api/controllers/Cashflow/GetCashflowAccounts.ts

@@ -1,20 +1,16 @@
 import { Service, Inject } from 'typedi';
 import { Router, Request, Response, NextFunction } from 'express';
-import { param, query } from 'express-validator';
-import GetCashflowAccountsService from '@/services/Cashflow/GetCashflowAccountsService';
+import { query } from 'express-validator';
 import BaseController from '../BaseController';
-import GetCashflowTransactionsService from '@/services/Cashflow/GetCashflowTransactionsService';
 import { ServiceError } from '@/exceptions';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { AbilitySubject, CashflowAction } from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
 
 @Service()
 export default class GetCashflowAccounts extends BaseController {
   @Inject()
-  getCashflowAccountsService: GetCashflowAccountsService;
-
-  @Inject()
-  getCashflowTransactionsService: GetCashflowTransactionsService;
+  private cashflowApplication: CashflowApplication;
 
   /**
    * Controller router.
@@ -35,7 +31,6 @@ export default class GetCashflowAccounts extends BaseController {
         query('search_keyword').optional({ nullable: true }).isString().trim(),
       ],
       this.asyncMiddleware(this.getCashflowAccounts),
-      this.catchServiceErrors
     );
     return router;
   }
@@ -62,10 +57,7 @@ export default class GetCashflowAccounts extends BaseController {
 
     try {
       const cashflowAccounts =
-        await this.getCashflowAccountsService.getCashflowAccounts(
-          tenantId,
-          filter
-        );
+        await this.cashflowApplication.getCashflowAccounts(tenantId, filter);
 
       return res.status(200).send({
         cashflow_accounts: this.transfromToResponse(cashflowAccounts),
@@ -74,22 +66,4 @@ export default class GetCashflowAccounts extends BaseController {
       next(error);
     }
   };
-
-  /**
-   * Catches the service errors.
-   * @param {Error} error - Error.
-   * @param {Request} req - Request.
-   * @param {Response} res - Response.
-   * @param {NextFunction} next -
-   */
-  private catchServiceErrors(
-    error,
-    req: Request,
-    res: Response,
-    next: NextFunction
-  ) {
-    if (error instanceof ServiceError) {
-    }
-    next(error);
-  }
 }

packages/server/src/api/controllers/Cashflow/GetCashflowTransaction.ts

@@ -1,16 +1,21 @@
 import { Service, Inject } from 'typedi';
 import { Router, Request, Response, NextFunction } from 'express';
-import { param } from 'express-validator';
+import { param, query } from 'express-validator';
 import BaseController from '../BaseController';
-import GetCashflowTransactionsService from '@/services/Cashflow/GetCashflowTransactionsService';
 import { ServiceError } from '@/exceptions';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { AbilitySubject, CashflowAction } from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
+import { GetMatchedTransactionsFilter } from '@/services/Banking/Matching/types';
+import { MatchBankTransactionsApplication } from '@/services/Banking/Matching/MatchBankTransactionsApplication';
 
 @Service()
 export default class GetCashflowAccounts extends BaseController {
   @Inject()
-  getCashflowTransactionsService: GetCashflowTransactionsService;
+  private cashflowApplication: CashflowApplication;
+
+  @Inject()
+  private bankTransactionsMatchingApp: MatchBankTransactionsApplication;
 
   /**
    * Controller router.
@@ -18,6 +23,15 @@ export default class GetCashflowAccounts extends BaseController {
   public router() {
     const router = Router();
 
+    router.get(
+      '/transactions/matches',
+      [
+        query('uncategorizeTransactionsIds').exists().isArray({ min: 1 }),
+        query('uncategorizeTransactionsIds.*').exists().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getMatchedTransactions.bind(this)
+    );
     router.get(
       '/transactions/:transactionId',
       CheckPolicies(CashflowAction.View, AbilitySubject.Cashflow),
@@ -35,7 +49,7 @@ export default class GetCashflowAccounts extends BaseController {
    * @param {NextFunction} next
    */
   private getCashflowTransaction = async (
-    req: Request,
+    req: Request<{ transactionId: number }>,
     res: Response,
     next: NextFunction
   ) => {
@@ -43,12 +57,10 @@ export default class GetCashflowAccounts extends BaseController {
     const { transactionId } = req.params;
 
     try {
-      const cashflowTransaction =
-        await this.getCashflowTransactionsService.getCashflowTransaction(
-          tenantId,
-          transactionId
-        );
-
+      const cashflowTransaction = await this.cashflowApplication.getTransaction(
+        tenantId,
+        transactionId
+      );
       return res.status(200).send({
         cashflow_transaction: this.transfromToResponse(cashflowTransaction),
       });
@@ -57,6 +69,39 @@ export default class GetCashflowAccounts extends BaseController {
     }
   };
 
+  /**
+   * Retrieves the matched transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getMatchedTransactions(
+    req: Request<
+      { transactionId: number },
+      null,
+      null,
+      { uncategorizeTransactionsIds: Array<number> }
+    >,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const uncategorizeTransactionsIds = req.query.uncategorizeTransactionsIds;
+    const filter = this.matchedQueryData(req) as GetMatchedTransactionsFilter;
+
+    try {
+      const data =
+        await this.bankTransactionsMatchingApp.getMatchedTransactions(
+          tenantId,
+          uncategorizeTransactionsIds,
+          filter
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Catches the service errors.
    * @param {Error} error - Error.

packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts

@@ -1,16 +1,21 @@
 import { Service, Inject } from 'typedi';
-import { check } from 'express-validator';
+import { ValidationChain, body, check, param, query } from 'express-validator';
 import { Router, Request, Response, NextFunction } from 'express';
+import { omit } from 'lodash';
 import BaseController from '../BaseController';
 import { ServiceError } from '@/exceptions';
-import NewCashflowTransactionService from '@/services/Cashflow/NewCashflowTransactionService';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
-import { AbilitySubject, CashflowAction } from '@/interfaces';
+import {
+  AbilitySubject,
+  CashflowAction,
+  ICategorizeCashflowTransactioDTO,
+} from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
 
 @Service()
 export default class NewCashflowTransactionController extends BaseController {
   @Inject()
-  private newCashflowTranscationService: NewCashflowTransactionService;
+  private cashflowApplication: CashflowApplication;
 
   /**
    * Router constructor.
@@ -18,6 +23,18 @@ export default class NewCashflowTransactionController extends BaseController {
   public router() {
     const router = Router();
 
+    router.get(
+      '/transactions/uncategorized/:id',
+      this.asyncMiddleware(this.getUncategorizedCashflowTransaction),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/transactions/:id/uncategorized',
+      this.getUncategorizedTransactionsValidationSchema,
+      this.validationResult,
+      this.asyncMiddleware(this.getUncategorizedCashflowTransactions),
+      this.catchServiceErrors
+    );
     router.post(
       '/transactions',
       CheckPolicies(CashflowAction.Create, AbilitySubject.Cashflow),
@@ -26,21 +43,94 @@ export default class NewCashflowTransactionController extends BaseController {
       this.asyncMiddleware(this.newCashflowTransaction),
       this.catchServiceErrors
     );
+    router.post(
+      '/transactions/uncategorize/bulk',
+      [
+        body('ids').isArray({ min: 1 }),
+        body('ids.*').exists().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.uncategorizeBulkTransactions.bind(this),
+      this.catchServiceErrors
+    );
+    router.post(
+      '/transactions/:id/uncategorize',
+      this.revertCategorizedCashflowTransaction,
+      this.catchServiceErrors
+    );
+    router.post(
+      '/transactions/categorize',
+      this.categorizeCashflowTransactionValidationSchema,
+      this.validationResult,
+      this.categorizeCashflowTransaction,
+      this.catchServiceErrors
+    );
+    router.post(
+      '/transaction/:id/categorize/expense',
+      this.categorizeAsExpenseValidationSchema,
+      this.validationResult,
+      this.categorizesCashflowTransactionAsExpense,
+      this.catchServiceErrors
+    );
     return router;
   }
 
+  /**
+   * Getting uncategorized transactions validation schema.
+   * @returns {ValidationChain}
+   */
+  public get getUncategorizedTransactionsValidationSchema() {
+    return [
+      param('id').exists().isNumeric().toInt(),
+      query('page').optional().isNumeric().toInt(),
+      query('page_size').optional().isNumeric().toInt(),
+      query('min_date').optional({ nullable: true }).isISO8601().toDate(),
+      query('max_date').optional({ nullable: true }).isISO8601().toDate(),
+      query('min_amount').optional({ nullable: true }).isFloat().toFloat(),
+      query('max_amount').optional({ nullable: true }).isFloat().toFloat(),
+    ];
+  }
+
+  /**
+   * Categorize as expense validation schema.
+   */
+  public get categorizeAsExpenseValidationSchema() {
+    return [
+      check('expense_account_id').exists(),
+      check('date').isISO8601().exists(),
+      check('reference_no').optional(),
+      check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
+    ];
+  }
+
+  /**
+   * Categorize cashflow tranasction validation schema.
+   */
+  public get categorizeCashflowTransactionValidationSchema() {
+    return [
+      check('uncategorized_transaction_ids').exists().isArray({ min: 1 }),
+      check('date').exists().isISO8601().toDate(),
+      check('credit_account_id').exists().isInt().toInt(),
+      check('transaction_number').optional(),
+      check('transaction_type').exists(),
+      check('reference_no').optional(),
+      check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
+      check('description').optional(),
+      check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
+    ];
+  }
+
   /**
    * New cashflow transaction validation schema.
    */
-  get newTransactionValidationSchema() {
+  public get newTransactionValidationSchema() {
     return [
       check('date').exists().isISO8601().toDate(),
-      check('reference_no').optional({ nullable: true }).trim().escape(),
+      check('reference_no').optional({ nullable: true }).trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ min: 3 })
-        .trim()
-        .escape(),
+        .trim(),
       check('transaction_type').exists(),
 
       check('amount').exists().isFloat().toFloat(),
@@ -48,9 +138,7 @@ export default class NewCashflowTransactionController extends BaseController {
       check('credit_account_id').exists().isInt().toInt(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
-
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
-
       check('publish').default(false).isBoolean().toBoolean(),
     ];
   }
@@ -70,13 +158,12 @@ export default class NewCashflowTransactionController extends BaseController {
     const ownerContributionDTO = this.matchedBodyData(req);
 
     try {
-      const { cashflowTransaction } =
-        await this.newCashflowTranscationService.newCashflowTransaction(
+      const cashflowTransaction =
+        await this.cashflowApplication.createTransaction(
           tenantId,
           ownerContributionDTO,
           userId
         );
-
       return res.status(200).send({
         id: cashflowTransaction.id,
         message: 'New cashflow transaction has been created successfully.',
@@ -86,11 +173,180 @@ export default class NewCashflowTransactionController extends BaseController {
     }
   };
 
+  /**
+   * Revert the categorized cashflow transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private revertCategorizedCashflowTransaction = async (
+    req: Request<{ id: number }>,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: cashflowTransactionId } = req.params;
+
+    try {
+      const data = await this.cashflowApplication.uncategorizeTransaction(
+        tenantId,
+        cashflowTransactionId
+      );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Uncategorize the given transactions in bulk.
+   * @param {Request<{}>} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  private uncategorizeBulkTransactions = async (
+    req: Request<{}>,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { ids: uncategorizedTransactionIds } = this.matchedBodyData(req);
+
+    try {
+      await this.cashflowApplication.uncategorizeTransactions(
+        tenantId,
+        uncategorizedTransactionIds
+      );
+      return res.status(200).send({
+        message: 'The given transactions have been uncategorized successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Categorize the cashflow transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private categorizeCashflowTransaction = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const matchedObject = this.matchedBodyData(req);
+    const categorizeDTO = omit(matchedObject, [
+      'uncategorizedTransactionIds',
+    ]) as ICategorizeCashflowTransactioDTO;
+
+    const uncategorizedTransactionIds =
+      matchedObject.uncategorizedTransactionIds;
+
+    try {
+      await this.cashflowApplication.categorizeTransaction(
+        tenantId,
+        uncategorizedTransactionIds,
+        categorizeDTO
+      );
+      return res.status(200).send({
+        message: 'The cashflow transaction has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Categorize the transaction as expense transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private categorizesCashflowTransactionAsExpense = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: cashflowTransactionId } = req.params;
+    const cashflowTransaction = this.matchedBodyData(req);
+
+    try {
+      await this.cashflowApplication.categorizeAsExpense(
+        tenantId,
+        cashflowTransactionId,
+        cashflowTransaction
+      );
+      return res.status(200).send({
+        message: 'The cashflow transaction has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Retrieves the uncategorized cashflow transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  public getUncategorizedCashflowTransaction = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: transactionId } = req.params;
+
+    try {
+      const data = await this.cashflowApplication.getUncategorizedTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Retrieves the uncategorized cashflow transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  public getUncategorizedCashflowTransactions = async (
+    req: Request<{ id: number }>,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: accountId } = req.params;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const data = await this.cashflowApplication.getUncategorizedTransactions(
+        tenantId,
+        accountId,
+        query
+      );
+
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  };
+
   /**
    * Handle the service errors.
    * @param error
-   * @param req
-   * @param res
+   * @param {Request} req
+   * @param {res
    * @param next
    * @returns
    */
@@ -140,6 +396,16 @@ export default class NewCashflowTransactionController extends BaseController {
           ],
         });
       }
+      if (error.errorType === 'UNCATEGORIZED_TRANSACTION_TYPE_INVALID') {
+        return res.boom.badRequest(null, {
+          errors: [
+            {
+              type: 'UNCATEGORIZED_TRANSACTION_TYPE_INVALID',
+              code: 4100,
+            },
+          ],
+        });
+      }
     }
     next(error);
   }

packages/server/src/api/controllers/Contacts/Contacts.ts

@@ -26,27 +26,27 @@ export default class ContactsController extends BaseController {
       [...this.autocompleteQuerySchema],
       this.validationResult,
       this.asyncMiddleware(this.autocompleteContacts.bind(this)),
-      this.dynamicListService.handlerErrorsToResponse
+      this.dynamicListService.handlerErrorsToResponse,
     );
     router.get(
       '/:id',
       [param('id').exists().isNumeric().toInt()],
       this.validationResult,
-      this.asyncMiddleware(this.getContact.bind(this))
+      this.asyncMiddleware(this.getContact.bind(this)),
     );
     router.post(
       '/:id/inactivate',
       [param('id').exists().isNumeric().toInt()],
       this.validationResult,
       this.asyncMiddleware(this.inactivateContact.bind(this)),
-      this.handlerServiceErrors
+      this.handlerServiceErrors,
     );
     router.post(
       '/:id/activate',
       [param('id').exists().isNumeric().toInt()],
       this.validationResult,
       this.asyncMiddleware(this.activateContact.bind(this)),
-      this.handlerServiceErrors
+      this.handlerServiceErrors,
     );
     return router;
   }
@@ -56,7 +56,7 @@ export default class ContactsController extends BaseController {
    */
   get autocompleteQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('stringified_filter_roles').optional().isJSON(),
@@ -77,7 +77,7 @@ export default class ContactsController extends BaseController {
     try {
       const contact = await this.contactsService.getContact(
         tenantId,
-        contactId
+        contactId,
       );
       return res.status(200).send({
         customer: this.transfromToResponse(contact),
@@ -105,7 +105,7 @@ export default class ContactsController extends BaseController {
     try {
       const contacts = await this.contactsService.autocompleteContacts(
         tenantId,
-        filter
+        filter,
       );
       return res.status(200).send({ contacts });
     } catch (error) {
@@ -122,38 +122,32 @@ export default class ContactsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('first_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('last_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('company_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('display_name')
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('email')
         .optional({ nullable: true })
         .isString()
-        .normalizeEmail()
         .isEmail()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('website')
@@ -166,120 +160,101 @@ export default class ContactsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('personal_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('billing_address_1')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_2')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_city')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_country')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_email')
         .optional({ nullable: true })
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_postcode')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_state')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('shipping_address_1')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_2')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_city')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_country')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_email')
         .optional({ nullable: true })
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_postcode')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_state')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('note')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('active').optional().isBoolean().toBoolean(),
     ];
@@ -380,7 +355,7 @@ export default class ContactsController extends BaseController {
     error: Error,
     req: Request,
     res: Response,
-    next: NextFunction
+    next: NextFunction,
   ) {
     if (error instanceof ServiceError) {
       if (error.errorType === 'contact_not_found') {

packages/server/src/api/controllers/Contacts/Customers.ts

@@ -106,11 +106,7 @@ export default class CustomersController extends ContactsController {
    */
   get customerDTOSchema() {
     return [
-      check('customer_type')
-        .exists()
-        .isIn(['business', 'individual'])
-        .trim()
-        .escape(),
+      check('customer_type').exists().isIn(['business', 'individual']).trim(),
     ];
   }
 
@@ -123,7 +119,6 @@ export default class CustomersController extends ContactsController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: 3 }),
     ];
   }
@@ -133,7 +128,7 @@ export default class CustomersController extends ContactsController {
    */
   get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),
@@ -160,10 +155,8 @@ export default class CustomersController extends ContactsController {
     try {
       const contact = await this.customersApplication.createCustomer(
         tenantId,
-        contactDTO,
-        user
+        contactDTO
       );
-
       return res.status(200).send({
         id: contact.id,
         message: 'The customer has been created successfully.',

packages/server/src/api/controllers/Contacts/Vendors.ts

@@ -106,7 +106,6 @@ export default class VendorsController extends ContactsController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ min: 3, max: 3 }),
     ];
   }
@@ -144,10 +143,8 @@ export default class VendorsController extends ContactsController {
     try {
       const vendor = await this.vendorsApplication.createVendor(
         tenantId,
-        contactDTO,
-        user
+        contactDTO
       );
-
       return res.status(200).send({
         id: vendor.id,
         message: 'The vendor has been created successfully.',

packages/server/src/api/controllers/Currencies.ts

@@ -67,7 +67,7 @@ export default class CurrenciesController extends BaseController {
   }
 
   get currencyParamSchema(): ValidationChain[] {
-    return [param('currency_code').exists().trim().escape()];
+    return [param('currency_code').exists().trim()];
   }
 
   get listSchema(): ValidationChain[] {
@@ -187,11 +187,13 @@ export default class CurrenciesController extends BaseController {
       }
       if (error.errorType === 'currency_code_exists') {
         return res.boom.badRequest(null, {
-          errors: [{
-            type: 'CURRENCY_CODE_EXISTS',
-            message: 'The given currency code is already exists.',
-            code: 200,
-           }],
+          errors: [
+            {
+              type: 'CURRENCY_CODE_EXISTS',
+              message: 'The given currency code is already exists.',
+              code: 200,
+            },
+          ],
         });
       }
       if (error.errorType === 'CANNOT_DELETE_BASE_CURRENCY') {

packages/server/src/api/controllers/Dashboard/index.ts

@@ -5,13 +5,13 @@ import DashboardService from '@/services/Dashboard/DashboardService';
 @Service()
 export default class DashboardMetaController {
   @Inject()
-  dashboardService: DashboardService;
+  private dashboardService: DashboardService;
 
   /**
-   *
+   * Constructor router.
    * @returns
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.get('/boot', this.getDashboardBoot);
@@ -25,7 +25,7 @@ export default class DashboardMetaController {
    * @param {Response} res - 
    * @param {NextFunction} next -
    */
-  getDashboardBoot = async (
+  private getDashboardBoot = async (
     req: Request,
     res: Response,
     next: NextFunction

packages/server/src/api/controllers/ExchangeRates.ts

@@ -1,19 +1,16 @@
 import { Service, Inject } from 'typedi';
 import { Router, Request, Response, NextFunction } from 'express';
-import { check, param, query } from 'express-validator';
+import { query, oneOf } from 'express-validator';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
 import BaseController from './BaseController';
 import { ServiceError } from '@/exceptions';
-import ExchangeRatesService from '@/services/ExchangeRates/ExchangeRatesService';
-import DynamicListingService from '@/services/DynamicListing/DynamicListService';
+import { EchangeRateErrors } from '@/lib/ExchangeRate/types';
+import { ExchangeRateApplication } from '@/services/ExchangeRates/ExchangeRateApplication';
 
 @Service()
 export default class ExchangeRatesController extends BaseController {
   @Inject()
-  exchangeRatesService: ExchangeRatesService;
-
-  @Inject()
-  dynamicListService: DynamicListingService;
+  private exchangeRatesApp: ExchangeRateApplication;
 
   /**
    * Constructor method.
@@ -22,164 +19,40 @@ export default class ExchangeRatesController extends BaseController {
     const router = Router();
 
     router.get(
-      '/',
-      [...this.exchangeRatesListSchema],
+      '/latest',
+      [
+        oneOf([
+          query('to_currency').exists().isString().isISO4217(),
+          query('from_currency').exists().isString().isISO4217(),
+        ]),
+      ],
       this.validationResult,
-      asyncMiddleware(this.exchangeRates.bind(this)),
-      this.dynamicListService.handlerErrorsToResponse,
-      this.handleServiceError,
-    );
-    router.post(
-      '/',
-      [...this.exchangeRateDTOSchema],
-      this.validationResult,
-      asyncMiddleware(this.addExchangeRate.bind(this)),
-      this.handleServiceError
-    );
-    router.post(
-      '/:id',
-      [...this.exchangeRateEditDTOSchema, ...this.exchangeRateIdSchema],
-      this.validationResult,
-      asyncMiddleware(this.editExchangeRate.bind(this)),
-      this.handleServiceError
-    );
-    router.delete(
-      '/:id',
-      [...this.exchangeRateIdSchema],
-      this.validationResult,
-      asyncMiddleware(this.deleteExchangeRate.bind(this)),
+      asyncMiddleware(this.latestExchangeRate.bind(this)),
       this.handleServiceError
     );
     return router;
   }
 
-  get exchangeRatesListSchema() {
-    return [
-      query('page').optional().isNumeric().toInt(),
-      query('page_size').optional().isNumeric().toInt(),
-
-      query('column_sort_by').optional(),
-      query('sort_order').optional().isIn(['desc', 'asc']),
-    ];
-  }
-
-  get exchangeRateDTOSchema() {
-    return [
-      check('exchange_rate').exists().isNumeric().toFloat(),
-      check('currency_code').exists().trim().escape(),
-      check('date').exists().isISO8601(),
-    ];
-  }
-
-  get exchangeRateEditDTOSchema() {
-    return [check('exchange_rate').exists().isNumeric().toFloat()];
-  }
-
-  get exchangeRateIdSchema() {
-    return [param('id').isNumeric().toInt()];
-  }
-
-  get exchangeRatesIdsSchema() {
-    return [
-      query('ids').isArray({ min: 2 }),
-      query('ids.*').isNumeric().toInt(),
-    ];
-  }
-
   /**
    * Retrieve exchange rates.
    * @param {Request} req
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async exchangeRates(req: Request, res: Response, next: NextFunction) {
+  private async latestExchangeRate(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
     const { tenantId } = req;
-    const filter = {
-      page: 1,
-      pageSize: 12,
-      filterRoles: [],
-      columnSortBy: 'created_at',
-      sortOrder: 'asc',
-      ...this.matchedQueryData(req),
-    };
-    if (filter.stringifiedFilterRoles) {
-      filter.filterRoles = JSON.parse(filter.stringifiedFilterRoles);
-    }
-    try {
-      const exchangeRates = await this.exchangeRatesService.listExchangeRates(
-        tenantId,
-        filter
-      );
-      return res.status(200).send({ exchange_rates: exchangeRates });
-    } catch (error) {
-      next(error);
-    }
-  }
-
-  /**
-   * Adds a new exchange rate on the given date.
-   * @param {Request} req
-   * @param {Response} res
-   * @param {NextFunction} next
-   */
-  async addExchangeRate(req: Request, res: Response, next: NextFunction) {
-    const { tenantId } = req;
-    const exchangeRateDTO = this.matchedBodyData(req);
+    const exchangeRateQuery = this.matchedQueryData(req);
 
     try {
-      const exchangeRate = await this.exchangeRatesService.newExchangeRate(
+      const exchangeRate = await this.exchangeRatesApp.latest(
         tenantId,
-        exchangeRateDTO
+        exchangeRateQuery
       );
-      return res.status(200).send({ id: exchangeRate.id });
-    } catch (error) {
-      next(error);
-    }
-  }
-
-  /**
-   * Edit the given exchange rate.
-   * @param {Request} req
-   * @param {Response} res
-   * @param {NextFunction} next
-   */
-  async editExchangeRate(req: Request, res: Response, next: NextFunction) {
-    const { tenantId } = req;
-    const { id: exchangeRateId } = req.params;
-    const exchangeRateDTO = this.matchedBodyData(req);
-
-    try {
-      const exchangeRate = await this.exchangeRatesService.editExchangeRate(
-        tenantId,
-        exchangeRateId,
-        exchangeRateDTO
-      );
-
-      return res.status(200).send({
-        id: exchangeRateId,
-        message: 'The exchange rate has been edited successfully.',
-      });
-    } catch (error) {
-      next(error);
-    }
-  }
-
-  /**
-   * Delete the given exchange rate from the storage.
-   * @param {Request} req
-   * @param {Response} res
-   * @param {NextFunction} next
-   */
-  async deleteExchangeRate(req: Request, res: Response, next: NextFunction) {
-    const { tenantId } = req;
-    const { id: exchangeRateId } = req.params;
-
-    try {
-      await this.exchangeRatesService.deleteExchangeRate(
-        tenantId,
-        exchangeRateId
-      );
-      return res.status(200).send({ id: exchangeRateId });
+      return res.status(200).send(exchangeRate);
     } catch (error) {
       next(error);
     }
@@ -192,26 +65,56 @@ export default class ExchangeRatesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  handleServiceError(
+  private handleServiceError(
     error: Error,
     req: Request,
     res: Response,
     next: NextFunction
   ) {
     if (error instanceof ServiceError) {
-      if (error.errorType === 'EXCHANGE_RATE_NOT_FOUND') {
-        return res.status(404).send({
-          errors: [{ type: 'EXCHANGE.RATE.NOT.FOUND', code: 200 }],
-        });
-      }
-      if (error.errorType === 'NOT_FOUND_EXCHANGE_RATES') {
+      if (EchangeRateErrors.EX_RATE_INVALID_BASE_CURRENCY === error.errorType) {
         return res.status(400).send({
-          errors: [{ type: 'EXCHANGE.RATES.IS.NOT.FOUND', code: 100 }],
+          errors: [
+            {
+              type: EchangeRateErrors.EX_RATE_INVALID_BASE_CURRENCY,
+              code: 100,
+              message: 'The given base currency is invalid.',
+            },
+          ],
         });
-      }
-      if (error.errorType === 'EXCHANGE_RATE_PERIOD_EXISTS') {
+      } else if (
+        EchangeRateErrors.EX_RATE_SERVICE_NOT_ALLOWED === error.errorType
+      ) {
         return res.status(400).send({
-          errors: [{ type: 'EXCHANGE.RATE.PERIOD.EXISTS', code: 300 }],
+          errors: [
+            {
+              type: EchangeRateErrors.EX_RATE_SERVICE_NOT_ALLOWED,
+              code: 200,
+              message: 'The service is not allowed',
+            },
+          ],
+        });
+      } else if (
+        EchangeRateErrors.EX_RATE_SERVICE_API_KEY_REQUIRED === error.errorType
+      ) {
+        return res.status(400).send({
+          errors: [
+            {
+              type: EchangeRateErrors.EX_RATE_SERVICE_API_KEY_REQUIRED,
+              code: 300,
+              message: 'The API key is required',
+            },
+          ],
+        });
+      } else if (EchangeRateErrors.EX_RATE_LIMIT_EXCEEDED === error.errorType) {
+        return res.status(400).send({
+          errors: [
+            {
+              type: EchangeRateErrors.EX_RATE_LIMIT_EXCEEDED,
+              code: 400,
+              message: 'The API rate limit has been exceeded',
+            },
+          ],
         });
       }
     }

packages/server/src/api/controllers/Expenses/Expenses.ts

@@ -84,12 +84,11 @@ export class ExpensesController extends BaseController {
   /**
    * Expense DTO schema.
    */
-  get expenseDTOSchema() {
+  private get expenseDTOSchema() {
     return [
       check('reference_no')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('payment_date').exists().isISO8601().toDate(),
       check('payment_account_id')
@@ -123,13 +122,15 @@ export class ExpensesController extends BaseController {
       check('categories.*.description')
         .optional()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
       check('categories.*.project_id')
         .optional({ nullable: true })
         .isInt({ max: DATATYPES_LENGTH.INT_10 })
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -141,7 +142,6 @@ export class ExpensesController extends BaseController {
       check('reference_no')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('payment_date').exists().isISO8601().toDate(),
       check('payment_account_id')
@@ -176,13 +176,15 @@ export class ExpensesController extends BaseController {
       check('categories.*.description')
         .optional()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
       check('categories.*.project_id')
         .optional({ nullable: true })
         .isInt({ max: DATATYPES_LENGTH.INT_10 })
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -269,7 +271,7 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async deleteExpense(req: Request, res: Response, next: NextFunction) {
+  private async deleteExpense(req: Request, res: Response, next: NextFunction) {
     const { tenantId, user } = req;
     const { id: expenseId } = req.params;
 
@@ -291,7 +293,11 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async publishExpense(req: Request, res: Response, next: NextFunction) {
+  private async publishExpense(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
     const { tenantId, user } = req;
     const { id: expenseId } = req.params;
 
@@ -313,7 +319,11 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async getExpensesList(req: Request, res: Response, next: NextFunction) {
+  private async getExpensesList(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
     const { tenantId } = req;
     const filter = {
       sortOrder: 'desc',
@@ -343,7 +353,7 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async getExpense(req: Request, res: Response, next: NextFunction) {
+  private async getExpense(req: Request, res: Response, next: NextFunction) {
     const { tenantId } = req;
     const { id: expenseId } = req.params;
 

packages/server/src/api/controllers/Export/ExportController.ts

@@ -0,0 +1,87 @@
+import { Inject, Service } from 'typedi';
+import { Router, Request, Response, NextFunction } from 'express';
+import { query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { ServiceError } from '@/exceptions';
+import { ExportApplication } from '@/services/Export/ExportApplication';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
+import { convertAcceptFormatToFormat } from './_utils';
+
+@Service()
+export class ExportController extends BaseController {
+  @Inject()
+  private exportResourceApp: ExportApplication;
+
+  /**
+   * Router constructor method.
+   */
+  public router() {
+    const router = Router();
+
+    router.get(
+      '/',
+      [
+        query('resource').exists(),
+        query('format').isIn(['csv', 'xlsx']).optional(),
+      ],
+      this.validationResult,
+      this.export.bind(this),
+    );
+    return router;
+  }
+
+  /**
+   * Imports xlsx/csv to the given resource type.
+   * @param {Request} req -
+   * @param {Response} res -
+   * @param {NextFunction} next -
+   */
+  private async export(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const accept = this.accepts(req);
+
+      const acceptType = accept.types([
+        ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_CSV,
+        ACCEPT_TYPE.APPLICATION_PDF,
+      ]);
+      const applicationFormat = convertAcceptFormatToFormat(acceptType);
+
+      const data = await this.exportResourceApp.export(
+        tenantId,
+        query.resource,
+        applicationFormat
+      );
+      // Retrieves the csv format.
+      if (ACCEPT_TYPE.APPLICATION_CSV === acceptType) {
+        res.setHeader('Content-Disposition', 'attachment; filename=output.csv');
+        res.setHeader('Content-Type', 'text/csv');
+
+        return res.send(data);
+        // Retrieves the xlsx format.
+      } else if (ACCEPT_TYPE.APPLICATION_XLSX === acceptType) {
+        res.setHeader(
+          'Content-Disposition',
+          'attachment; filename=output.xlsx'
+        );
+        res.setHeader(
+          'Content-Type',
+          'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+        );
+        return res.send(data);
+        //
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': data.length,
+        });
+        res.send(data);
+      }
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Export/_utils.ts

@@ -0,0 +1,13 @@
+import { ACCEPT_TYPE } from '@/interfaces/Http';
+import { ExportFormat } from '@/services/Export/common';
+
+export const convertAcceptFormatToFormat = (accept: string): ExportFormat => {
+  switch (accept) {
+    case ACCEPT_TYPE.APPLICATION_CSV:
+      return ExportFormat.Csv;
+    case ACCEPT_TYPE.APPLICATION_PDF:
+      return ExportFormat.Pdf;
+    case ACCEPT_TYPE.APPLICATION_XLSX:
+      return ExportFormat.Xlsx;
+  }
+};

packages/server/src/api/controllers/FinancialStatements/APAgingSummary.ts

@@ -71,6 +71,7 @@ export default class APAgingSummaryReportController extends BaseFinancialReportC
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF
       ]);
       // Retrieves the json table format.
       if (ACCEPT_TYPE.APPLICATION_JSON_TABLE === acceptType) {
@@ -98,6 +99,15 @@ export default class APAgingSummaryReportController extends BaseFinancialReportC
           'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
         );
         return res.send(buffer);
+        // Retrieves the pdf format.
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        const pdfContent = await this.APAgingSummaryApp.pdf(tenantId, filter);
+
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.send(pdfContent);
         // Retrieves the json format.
       } else {
         const sheet = await this.APAgingSummaryApp.sheet(tenantId, filter);

packages/server/src/api/controllers/FinancialStatements/ARAgingSummary.ts

@@ -11,7 +11,7 @@ import { ACCEPT_TYPE } from '@/interfaces/Http';
 @Service()
 export default class ARAgingSummaryReportController extends BaseFinancialReportController {
   @Inject()
-  ARAgingSummaryApp: ARAgingSummaryApplication;
+  private ARAgingSummaryApp: ARAgingSummaryApplication;
 
   /**
    * Router constructor.
@@ -69,6 +69,7 @@ export default class ARAgingSummaryReportController extends BaseFinancialReportC
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF
       ]);
       // Retrieves the xlsx format.
       if (ACCEPT_TYPE.APPLICATION_XLSX === acceptType) {
@@ -96,6 +97,15 @@ export default class ARAgingSummaryReportController extends BaseFinancialReportC
         res.setHeader('Content-Type', 'text/csv');
 
         return res.send(buffer);
+        // Retrieves the pdf format.
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        const pdfContent = await this.ARAgingSummaryApp.pdf(tenantId, filter);
+
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.send(pdfContent);
         // Retrieves the json format.
       } else {
         const sheet = await this.ARAgingSummaryApp.sheet(tenantId, filter);

packages/server/src/api/controllers/FinancialStatements/BalanceSheet.ts

@@ -101,6 +101,7 @@ export default class BalanceSheetStatementController extends BaseFinancialReport
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_XLSX,
         ACCEPT_TYPE.APPLICATION_CSV,
+        ACCEPT_TYPE.APPLICATION_PDF,
       ]);
       // Retrieves the json table format.
       if (ACCEPT_TYPE.APPLICATION_JSON_TABLE == acceptType) {
@@ -128,6 +129,15 @@ export default class BalanceSheetStatementController extends BaseFinancialReport
           'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
         );
         return res.send(buffer);
+        // Retrieves the pdf format.
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        const pdfContent = await this.balanceSheetApp.pdf(tenantId, filter);
+
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        res.send(pdfContent);
       } else {
         const sheet = await this.balanceSheetApp.sheet(tenantId, filter);
 

packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts

@@ -1,9 +1,7 @@
 import { query } from 'express-validator';
-import BaseController from "../BaseController";
+import BaseController from '../BaseController';
 
 export default class BaseFinancialReportController extends BaseController {
-
-
   get sheetNumberFormatValidationSchema() {
     return [
       query('number_format.precision')
@@ -19,8 +17,7 @@ export default class BaseFinancialReportController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
     ];
   }
-}
+}

packages/server/src/api/controllers/FinancialStatements/CashFlow/CashFlow.ts

@@ -79,6 +79,7 @@ export default class CashFlowController extends BaseFinancialReportController {
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF
       ]);
       // Retrieves the json table format.
       if (ACCEPT_TYPE.APPLICATION_JSON_TABLE === acceptType) {
@@ -106,6 +107,15 @@ export default class CashFlowController extends BaseFinancialReportController {
           'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
         );
         return res.send(buffer);
+        // Retrieves the pdf format.
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        const pdfContent = await this.cashflowSheetApp.pdf(tenantId, filter);
+
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.send(pdfContent);
         // Retrieves the json format.
       } else {
         const cashflow = await this.cashflowSheetApp.sheet(tenantId, filter);

packages/server/src/api/controllers/FinancialStatements/CustomerBalanceSummary/index.ts

@@ -75,6 +75,7 @@ export default class CustomerBalanceSummaryReportController extends BaseFinancia
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF,
       ]);
 
       // Retrieves the xlsx format.
@@ -109,6 +110,19 @@ export default class CustomerBalanceSummaryReportController extends BaseFinancia
           filter
         );
         return res.status(200).send(table);
+        // Retrieves the pdf format.
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        const buffer = await this.customerBalanceSummaryApp.pdf(
+          tenantId,
+          filter
+        );
+
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': buffer.length,
+        });
+        return res.send(buffer);
+        // Retrieves the json format.
       } else {
         const sheet = await this.customerBalanceSummaryApp.sheet(
           tenantId,

packages/server/src/api/controllers/FinancialStatements/GeneralLedger.ts

@@ -16,7 +16,7 @@ export default class GeneralLedgerReportController extends BaseFinancialReportCo
   /**
    * Router constructor.
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.get(
@@ -32,7 +32,7 @@ export default class GeneralLedgerReportController extends BaseFinancialReportCo
   /**
    * Validation schema.
    */
-  get validationSchema(): ValidationChain[] {
+  private get validationSchema(): ValidationChain[] {
     return [
       query('from_date').optional().isISO8601(),
       query('to_date').optional().isISO8601(),
@@ -61,7 +61,7 @@ export default class GeneralLedgerReportController extends BaseFinancialReportCo
    * @param {Request} req -
    * @param {Response} res -
    */
-  async generalLedger(req: Request, res: Response, next: NextFunction) {
+  private async generalLedger(req: Request, res: Response, next: NextFunction) {
     const { tenantId } = req;
     const filter = this.matchedQueryData(req);
     const accept = this.accepts(req);
@@ -71,6 +71,7 @@ export default class GeneralLedgerReportController extends BaseFinancialReportCo
       ACCEPT_TYPE.APPLICATION_JSON_TABLE,
       ACCEPT_TYPE.APPLICATION_XLSX,
       ACCEPT_TYPE.APPLICATION_CSV,
+      ACCEPT_TYPE.APPLICATION_PDF,
     ]);
     // Retrieves the table format.
     if (ACCEPT_TYPE.APPLICATION_JSON_TABLE === acceptType) {
@@ -95,6 +96,17 @@ export default class GeneralLedgerReportController extends BaseFinancialReportCo
         'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
       );
       return res.send(buffer);
+      // Retrieves the pdf format.
+    } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+      const pdfContent = await this.generalLedgerApplication.pdf(
+        tenantId,
+        filter
+      );
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
+      });
+      return res.send(pdfContent);
       // Retrieves the json format.
     } else {
       const sheet = await this.generalLedgerApplication.sheet(tenantId, filter);

packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts

@@ -51,8 +51,7 @@ export default class InventoryDetailsController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
       query('from_date').optional(),
       query('to_date').optional(),
 
@@ -96,6 +95,7 @@ export default class InventoryDetailsController extends BaseController {
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF,
       ]);
       // Retrieves the csv format.
       if (acceptType === ACCEPT_TYPE.APPLICATION_CSV) {
@@ -127,6 +127,15 @@ export default class InventoryDetailsController extends BaseController {
           filter
         );
         return res.status(200).send(table);
+        // Retrieves the pdf format.
+      } else if (acceptType === ACCEPT_TYPE.APPLICATION_PDF) {
+        const buffer = await this.inventoryItemDetailsApp.pdf(tenantId, filter);
+
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': buffer.length,
+        });
+        return res.send(buffer);
       } else {
         const sheet = await this.inventoryItemDetailsApp.sheet(
           tenantId,

packages/server/src/api/controllers/FinancialStatements/InventoryValuationSheet.ts

@@ -79,6 +79,7 @@ export default class InventoryValuationReportController extends BaseFinancialRep
       ACCEPT_TYPE.APPLICATION_JSON_TABLE,
       ACCEPT_TYPE.APPLICATION_XLSX,
       ACCEPT_TYPE.APPLICATION_CSV,
+      ACCEPT_TYPE.APPLICATION_PDF,
     ]);
 
     // Retrieves the json table format.
@@ -104,6 +105,15 @@ export default class InventoryValuationReportController extends BaseFinancialRep
         'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
       );
       return res.send(buffer);
+      // Retrieves the pdf format.
+    } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+      const pdfContent = await this.inventoryValuationApp.pdf(tenantId, filter);
+
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
+      });
+      return res.status(200).send(pdfContent);
       // Retrieves the json format.
     } else {
       const { data, query, meta } = await this.inventoryValuationApp.sheet(

packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts

@@ -36,7 +36,7 @@ export default class JournalSheetController extends BaseFinancialReportControlle
     return [
       query('from_date').optional().isISO8601(),
       query('to_date').optional().isISO8601(),
-      query('transaction_type').optional().trim().escape(),
+      query('transaction_type').optional().trim(),
       query('transaction_id').optional().isInt().toInt(),
       oneOf(
         [
@@ -72,6 +72,7 @@ export default class JournalSheetController extends BaseFinancialReportControlle
       ACCEPT_TYPE.APPLICATION_JSON_TABLE,
       ACCEPT_TYPE.APPLICATION_XLSX,
       ACCEPT_TYPE.APPLICATION_CSV,
+      ACCEPT_TYPE.APPLICATION_PDF,
     ]);
 
     // Retrieves the json table format.
@@ -81,7 +82,7 @@ export default class JournalSheetController extends BaseFinancialReportControlle
       // Retrieves the csv format.
     } else if (ACCEPT_TYPE.APPLICATION_CSV === acceptType) {
       const buffer = await this.journalSheetApp.csv(tenantId, filter);
-
+  
       res.setHeader('Content-Disposition', 'attachment; filename=output.csv');
       res.setHeader('Content-Type', 'text/csv');
 
@@ -97,6 +98,14 @@ export default class JournalSheetController extends BaseFinancialReportControlle
       );
       return res.send(buffer);
       // Retrieves the json format.
+    } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+      const pdfContent = await this.journalSheetApp.pdf(tenantId, filter);
+
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
+      });
+      res.send(pdfContent);
     } else {
       const sheet = await this.journalSheetApp.sheet(tenantId, filter);
 

packages/server/src/api/controllers/FinancialStatements/ProfitLossSheet.ts

@@ -96,6 +96,7 @@ export default class ProfitLossSheetController extends BaseFinancialReportContro
       ACCEPT_TYPE.APPLICATION_JSON_TABLE,
       ACCEPT_TYPE.APPLICATION_CSV,
       ACCEPT_TYPE.APPLICATION_XLSX,
+      ACCEPT_TYPE.APPLICATION_PDF,
     ]);
     try {
       // Retrieves the csv format.
@@ -125,6 +126,14 @@ export default class ProfitLossSheetController extends BaseFinancialReportContro
         );
         return res.send(sheet);
         // Retrieves the json format.
+      } else if (acceptType === ACCEPT_TYPE.APPLICATION_PDF) {
+        const pdfContent = await this.profitLossSheetApp.pdf(tenantId, filter);
+
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.send(pdfContent);
       } else {
         const sheet = await this.profitLossSheetApp.sheet(tenantId, filter);
 

packages/server/src/api/controllers/FinancialStatements/PurchasesByItem.ts

@@ -1,17 +1,18 @@
 import { Router, Request, Response, NextFunction } from 'express';
 import { query, ValidationChain } from 'express-validator';
-import moment from 'moment';
 import { Inject, Service } from 'typedi';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
 import BaseFinancialReportController from './BaseFinancialReportController';
-import PurchasesByItemsService from '@/services/FinancialStatements/PurchasesByItems/PurchasesByItemsService';
+import { PurchasesByItemsService } from '@/services/FinancialStatements/PurchasesByItems/PurchasesByItemsService';
 import { AbilitySubject, ReportsAction } from '@/interfaces';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
+import { PurcahsesByItemsApplication } from '@/services/FinancialStatements/PurchasesByItems/PurchasesByItemsApplication';
 
 @Service()
 export default class PurchasesByItemReportController extends BaseFinancialReportController {
   @Inject()
-  purchasesByItemsService: PurchasesByItemsService;
+  private purchasesByItemsApp: PurcahsesByItemsApplication;
 
   /**
    * Router constructor.
@@ -63,20 +64,56 @@ export default class PurchasesByItemReportController extends BaseFinancialReport
    * @param {Request} req -
    * @param {Response} res -
    */
-  async purchasesByItems(req: Request, res: Response, next: NextFunction) {
+  public async purchasesByItems(req: Request, res: Response) {
     const { tenantId } = req;
     const filter = this.matchedQueryData(req);
 
-    try {
-      const { data, query, meta } =
-        await this.purchasesByItemsService.purchasesByItems(tenantId, filter);
-      return res.status(200).send({
-        meta: this.transfromToResponse(meta),
-        data: this.transfromToResponse(data),
-        query: this.transfromToResponse(query),
+    const accept = this.accepts(req);
+
+    const acceptType = accept.types([
+      ACCEPT_TYPE.APPLICATION_JSON,
+      ACCEPT_TYPE.APPLICATION_JSON_TABLE,
+      ACCEPT_TYPE.APPLICATION_XLSX,
+      ACCEPT_TYPE.APPLICATION_CSV,
+      ACCEPT_TYPE.APPLICATION_PDF,
+    ]);
+    // JSON table response format.
+    if (ACCEPT_TYPE.APPLICATION_JSON_TABLE === acceptType) {
+      const table = await this.purchasesByItemsApp.table(tenantId, filter);
+
+      return res.status(200).send(table);
+      // CSV response format.
+    } else if (ACCEPT_TYPE.APPLICATION_CSV === acceptType) {
+      const buffer = await this.purchasesByItemsApp.csv(tenantId, filter);
+
+      res.setHeader('Content-Disposition', 'attachment; filename=output.csv');
+      res.setHeader('Content-Type', 'text/csv');
+
+      return res.send(buffer);
+      // Xlsx response format.
+    } else if (ACCEPT_TYPE.APPLICATION_XLSX === acceptType) {
+      const buffer = await this.purchasesByItemsApp.xlsx(tenantId, filter);
+
+      res.setHeader('Content-Disposition', 'attachment; filename=output.xlsx');
+      res.setHeader(
+        'Content-Type',
+        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+      );
+      return res.send(buffer);
+      // PDF response format.
+    } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+      const pdfContent = await this.purchasesByItemsApp.pdf(tenantId, filter);
+
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
       });
-    } catch (error) {
-      next(error);
+      return res.send(pdfContent);
+      // Json response format.
+    } else {
+      const sheet = await this.purchasesByItemsApp.sheet(tenantId, filter);
+
+      return res.status(200).send(sheet);
     }
   }
 }

packages/server/src/api/controllers/FinancialStatements/SalesByItems.ts

@@ -11,7 +11,7 @@ import { SalesByItemsApplication } from '@/services/FinancialStatements/SalesByI
 @Service()
 export default class SalesByItemsReportController extends BaseFinancialReportController {
   @Inject()
-  salesByItemsApp: SalesByItemsApplication;
+  private salesByItemsApp: SalesByItemsApplication;
 
   /**
    * Router constructor.
@@ -71,6 +71,7 @@ export default class SalesByItemsReportController extends BaseFinancialReportCon
       ACCEPT_TYPE.APPLICATION_JSON_TABLE,
       ACCEPT_TYPE.APPLICATION_CSV,
       ACCEPT_TYPE.APPLICATION_XLSX,
+      ACCEPT_TYPE.APPLICATION_PDF,
     ]);
     // Retrieves the csv format.
     if (ACCEPT_TYPE.APPLICATION_CSV === acceptType) {
@@ -96,6 +97,14 @@ export default class SalesByItemsReportController extends BaseFinancialReportCon
       );
       return res.send(buffer);
       // Retrieves the json format.
+    } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+      const pdfContent = await this.salesByItemsApp.pdf(tenantId, filter);
+
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
+      });
+      return res.send(pdfContent);
     } else {
       const sheet = await this.salesByItemsApp.sheet(tenantId, filter);
       return res.status(200).send(sheet);

packages/server/src/api/controllers/FinancialStatements/SalesTaxLiabilitySummary/index.ts

@@ -62,6 +62,7 @@ export default class SalesTaxLiabilitySummary extends BaseFinancialReportControl
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF,
       ]);
 
       // Retrieves the json table format.
@@ -97,6 +98,16 @@ export default class SalesTaxLiabilitySummary extends BaseFinancialReportControl
 
         return res.send(buffer);
         // Retrieves the json format.
+      } else if (acceptType === ACCEPT_TYPE.APPLICATION_PDF) {
+        const pdfContent = await this.salesTaxLiabilitySummaryApp.pdf(
+          tenantId,
+          filter
+        );
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.status(200).send(pdfContent);
       } else {
         const sheet = await this.salesTaxLiabilitySummaryApp.sheet(
           tenantId,

packages/server/src/api/controllers/FinancialStatements/TransactionsByCustomers/index.ts

@@ -70,6 +70,7 @@ export default class TransactionsByCustomersReportController extends BaseFinanci
       ACCEPT_TYPE.APPLICATION_JSON_TABLE,
       ACCEPT_TYPE.APPLICATION_CSV,
       ACCEPT_TYPE.APPLICATION_XLSX,
+      ACCEPT_TYPE.APPLICATION_PDF,
     ]);
     try {
       // Retrieves the json table format.
@@ -103,6 +104,16 @@ export default class TransactionsByCustomersReportController extends BaseFinanci
         );
         return res.send(buffer);
         // Retrieve the json format.
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        const pdfContent = await this.transactionsByCustomersApp.pdf(
+          tenantId,
+          filter
+        );
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.send(pdfContent);
       } else {
         const sheet = await this.transactionsByCustomersApp.sheet(
           tenantId,

packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts

@@ -40,8 +40,7 @@ export default class TransactionsByReferenceController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
     ];
   }
 

packages/server/src/api/controllers/FinancialStatements/TransactionsByVendors/index.ts

@@ -71,6 +71,7 @@ export default class TransactionsByVendorsReportController extends BaseFinancial
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF,
       ]);
 
       // Retrieves the xlsx format.
@@ -101,6 +102,17 @@ export default class TransactionsByVendorsReportController extends BaseFinancial
           filter
         );
         return res.status(200).send(table);
+        // Retrieves the pdf format.
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        const pdfContent = await this.transactionsByVendorsApp.pdf(
+          tenantId,
+          filter
+        );
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.send(pdfContent);
         // Retrieves the json format.
       } else {
         const sheet = await this.transactionsByVendorsApp.sheet(

packages/server/src/api/controllers/FinancialStatements/TrialBalanceSheet.ts

@@ -3,7 +3,6 @@ import { Request, Response, Router, NextFunction } from 'express';
 import { query, ValidationChain } from 'express-validator';
 import { castArray } from 'lodash';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
-import TrialBalanceSheetService from '@/services/FinancialStatements/TrialBalanceSheet/TrialBalanceSheetInjectable';
 import BaseFinancialReportController from './BaseFinancialReportController';
 import { AbilitySubject, ReportsAction } from '@/interfaces';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
@@ -81,6 +80,7 @@ export default class TrialBalanceSheetController extends BaseFinancialReportCont
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF,
       ]);
       // Retrieves in json table format.
       if (acceptType === ACCEPT_TYPE.APPLICATION_JSON_TABLE) {
@@ -109,6 +109,17 @@ export default class TrialBalanceSheetController extends BaseFinancialReportCont
         res.setHeader('Content-Type', 'text/csv');
 
         return res.send(buffer);
+        // Retrieves in pdf format.
+      } else if (acceptType === ACCEPT_TYPE.APPLICATION_PDF) {
+        const pdfContent = await this.trialBalanceSheetApp.pdf(
+          tenantId,
+          filter
+        );
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        res.send(pdfContent);
         // Retrieves in json format.
       } else {
         const { data, query, meta } = await this.trialBalanceSheetApp.sheet(

packages/server/src/api/controllers/FinancialStatements/VendorBalanceSummary/index.ts

@@ -72,6 +72,7 @@ export default class VendorBalanceSummaryReportController extends BaseFinancialR
         ACCEPT_TYPE.APPLICATION_JSON_TABLE,
         ACCEPT_TYPE.APPLICATION_CSV,
         ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_PDF,
       ]);
 
       // Retrieves the csv format.
@@ -100,6 +101,17 @@ export default class VendorBalanceSummaryReportController extends BaseFinancialR
           filter
         );
         return res.status(200).send(table);
+        // Retrieves the pdf format.
+      } else if (acceptType === ACCEPT_TYPE.APPLICATION_PDF) {
+        const pdfContent = await this.vendorBalanceSummaryApp.pdf(
+          tenantId,
+          filter
+        );
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': pdfContent.length,
+        });
+        return res.send(pdfContent);
         // Retrieves the json format.
       } else {
         const sheet = await this.vendorBalanceSummaryApp.sheet(

packages/server/src/api/controllers/Import/ImportController.ts

@@ -0,0 +1,246 @@
+import { Inject, Service } from 'typedi';
+import { Router, Request, Response, NextFunction } from 'express';
+import { body, param, query } from 'express-validator';
+import { defaultTo } from 'lodash';
+import BaseController from '@/api/controllers/BaseController';
+import { ServiceError } from '@/exceptions';
+import { ImportResourceApplication } from '@/services/Import/ImportResourceApplication';
+import { uploadImportFile } from './_utils';
+import { parseJsonSafe } from '@/utils/parse-json-safe';
+
+@Service()
+export class ImportController extends BaseController {
+  @Inject()
+  private importResourceApp: ImportResourceApplication;
+
+  /**
+   * Router constructor method.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/file',
+      uploadImportFile.single('file'),
+      this.importValidationSchema,
+      this.validationResult,
+      this.asyncMiddleware(this.fileUpload.bind(this)),
+      this.catchServiceErrors
+    );
+    router.post(
+      '/:import_id/import',
+      this.asyncMiddleware(this.import.bind(this)),
+      this.catchServiceErrors
+    );
+    router.post(
+      '/:import_id/mapping',
+      [
+        param('import_id').exists().isString(),
+        body('mapping').exists().isArray({ min: 1 }),
+        body('mapping.*.group').optional(),
+        body('mapping.*.from').exists(),
+        body('mapping.*.to').exists(),
+      ],
+      this.validationResult,
+      this.asyncMiddleware(this.mapping.bind(this)),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/sample',
+      [query('resource').exists(), query('format').optional()],
+      this.validationResult,
+      this.downloadImportSample.bind(this),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/:import_id',
+      this.asyncMiddleware(this.getImportFileMeta.bind(this)),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/:import_id/preview',
+      this.asyncMiddleware(this.preview.bind(this)),
+      this.catchServiceErrors
+    );
+    return router;
+  }
+
+  /**
+   * Import validation schema.
+   * @returns {ValidationSchema[]}
+   */
+  private get importValidationSchema() {
+    return [body('resource').exists(), body('params').optional()];
+  }
+
+  /**
+   * Imports xlsx/csv to the given resource type.
+   * @param {Request} req -
+   * @param {Response} res -
+   * @param {NextFunction} next -
+   */
+  private async fileUpload(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const body = this.matchedBodyData(req);
+    const params = defaultTo(parseJsonSafe(body.params), {});
+
+    try {
+      const data = await this.importResourceApp.import(
+        tenantId,
+        body.resource,
+        req.file.filename,
+        params
+      );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Maps the columns of the imported file.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async mapping(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+    const body = this.matchedBodyData(req);
+
+    try {
+      const mapping = await this.importResourceApp.mapping(
+        tenantId,
+        importId,
+        body?.mapping
+      );
+      return res.status(200).send(mapping);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Preview the imported file before actual importing.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async preview(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+
+    try {
+      const preview = await this.importResourceApp.preview(tenantId, importId);
+
+      return res.status(200).send(preview);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Importing the imported file to the application storage.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async import(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+
+    try {
+      const result = await this.importResourceApp.process(tenantId, importId);
+
+      return res.status(200).send(result);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the csv/xlsx sample sheet of the given resource name.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async downloadImportSample(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { format, resource } = this.matchedQueryData(req);
+
+    try {
+      const result = this.importResourceApp.sample(tenantId, resource, format);
+
+      return res.status(200).send(result);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the import file meta.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getImportFileMeta(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+
+    try {
+      const result = await this.importResourceApp.importMeta(
+        tenantId,
+        importId
+      );
+      return res.status(200).send(result);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Transforms service errors to response.
+   * @param {Error}
+   * @param {Request} req
+   * @param {Response} res
+   * @param {ServiceError} error
+   */
+  private catchServiceErrors(
+    error,
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    if (error instanceof ServiceError) {
+      if (error.errorType === 'INVALID_MAP_ATTRS') {
+        return res.status(400).send({
+          errors: [{ type: 'INVALID_MAP_ATTRS' }],
+        });
+      }
+      if (error.errorType === 'DUPLICATED_FROM_MAP_ATTR') {
+        return res.status(400).send({
+          errors: [{ type: 'DUPLICATED_FROM_MAP_ATTR' }],
+        });
+      }
+      if (error.errorType === 'DUPLICATED_TO_MAP_ATTR') {
+        return res.status(400).send({
+          errors: [{ type: 'DUPLICATED_TO_MAP_ATTR' }],
+        });
+      }
+      if (error.errorType === 'IMPORTED_FILE_EXTENSION_INVALID') {
+        return res.status(400).send({
+          errors: [{ type: 'IMPORTED_FILE_EXTENSION_INVALID' }],
+        });
+      }
+    }
+    next(error);
+  }
+}

packages/server/src/api/controllers/Import/_utils.ts

@@ -0,0 +1,34 @@
+import Multer from 'multer';
+import { ServiceError } from '@/exceptions';
+import { getImportsStoragePath } from '@/services/Import/_utils';
+
+export function allowSheetExtensions(req, file, cb) {
+  if (
+    file.mimetype !== 'text/csv' &&
+    file.mimetype !== 'application/vnd.ms-excel' &&
+    file.mimetype !==
+      'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+  ) {
+    cb(new ServiceError('IMPORTED_FILE_EXTENSION_INVALID'));
+    return;
+  }
+  cb(null, true);
+}
+
+const storage = Multer.diskStorage({
+  destination: function (req, file, cb) {
+    const path = getImportsStoragePath();
+    cb(null, path);
+  },
+  filename: function (req, file, cb) {
+    // Add the creation timestamp to clean up temp files later.
+    const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
+    cb(null, uniqueSuffix);
+  },
+});
+
+export const uploadImportFile = Multer({
+  storage,
+  limits: { fileSize: 5 * 1024 * 1024 },
+  fileFilter: allowSheetExtensions,
+});

packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts

@@ -86,7 +86,7 @@ export default class InventoryAdjustmentsController extends BaseController {
    */
   get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),

packages/server/src/api/controllers/InviteUsers.ts

@@ -25,7 +25,7 @@ export default class InviteUsersController extends BaseController {
     router.post(
       '/send',
       [
-        body('email').exists().trim().escape(),
+        body('email').exists().trim(),
         body('role_id').exists().isNumeric().toInt(),
       ],
       this.validationResult,
@@ -57,7 +57,7 @@ export default class InviteUsersController extends BaseController {
     );
     router.get(
       '/invited/:token',
-      [param('token').exists().trim().escape()],
+      [param('token').exists().trim()],
       this.validationResult,
       asyncMiddleware(this.invited.bind(this)),
       this.handleServicesError
@@ -72,10 +72,10 @@ export default class InviteUsersController extends BaseController {
    */
   private get inviteUserDTO() {
     return [
-      check('first_name').exists().trim().escape(),
-      check('last_name').exists().trim().escape(),
-      check('password').exists().trim().escape().isLength({ min: 5 }),
-      param('token').exists().trim().escape(),
+      check('first_name').exists().trim(),
+      check('last_name').exists().trim(),
+      check('password').exists().trim().isLength({ min: 5 }),
+      param('token').exists().trim(),
     ];
   }
 

packages/server/src/api/controllers/ItemCategories.ts

@@ -73,13 +73,11 @@ export default class ItemsCategoriesController extends BaseController {
       check('name')
         .exists()
         .trim()
-        .escape()
         .isLength({ min: 0, max: DATATYPES_LENGTH.STRING }),
       check('description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('sell_account_id')
         .optional({ nullable: true })
@@ -101,9 +99,8 @@ export default class ItemsCategoriesController extends BaseController {
    */
   get categoriesListValidationSchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
-      query('sort_order').optional().trim().escape().isIn(['desc', 'asc']),
-
+      query('column_sort_by').optional().trim(),
+      query('sort_order').optional().trim().isIn(['desc', 'asc']),
       query('stringified_filter_roles').optional().isJSON(),
     ];
   }
@@ -207,14 +204,12 @@ export default class ItemsCategoriesController extends BaseController {
     };
 
     try {
-      const {
-        itemCategories,
-        filterMeta,
-      } = await this.itemCategoriesService.getItemCategoriesList(
-        tenantId,
-        itemCategoriesFilter,
-        user
-      );
+      const { itemCategories, filterMeta } =
+        await this.itemCategoriesService.getItemCategoriesList(
+          tenantId,
+          itemCategoriesFilter,
+          user
+        );
       return res.status(200).send({
         item_categories: itemCategories,
         filter_meta: this.transfromToResponse(filterMeta),

packages/server/src/api/controllers/Items/Items.ts

@@ -96,13 +96,11 @@ export default class ItemsController extends BaseController {
         .exists()
         .isString()
         .trim()
-        .escape()
         .isIn(['service', 'non-inventory', 'inventory']),
       check('code')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       // Purchase attributes.
       check('purchasable').optional().isBoolean().toBoolean(),
@@ -141,13 +139,11 @@ export default class ItemsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('purchase_description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('sell_tax_rate_id').optional({ nullable: true }).isInt().toInt(),
       check('purchase_tax_rate_id')
@@ -162,7 +158,6 @@ export default class ItemsController extends BaseController {
         .optional()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('active').optional().isBoolean().toBoolean(),
 
@@ -184,7 +179,7 @@ export default class ItemsController extends BaseController {
    */
   private get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),

packages/server/src/api/controllers/Items/index.ts

@@ -6,7 +6,7 @@ import ItemTransactionsController from './ItemsTransactions';
 
 @Service()
 export default class ItemsBaseController {
-  router() {
+  public router() {
     const router = Router();
 
     router.use('/', Container.get(ItemsController).router());

packages/server/src/api/controllers/ManualJournals.ts

@@ -77,14 +77,14 @@ export default class ManualJournalsController extends BaseController {
   /**
    * Specific manual journal id param validation schema.
    */
-  get manualJournalParamSchema() {
+  private get manualJournalParamSchema() {
     return [param('id').exists().isNumeric().toInt()];
   }
 
   /**
    * Manual journal DTO schema.
    */
-  get manualJournalValidationSchema() {
+  private get manualJournalValidationSchema() {
     return [
       check('date').exists().isISO8601(),
       check('currency_code').optional(),
@@ -94,25 +94,21 @@ export default class ManualJournalsController extends BaseController {
         .optional()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('journal_type')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('reference')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('publish').optional().isBoolean().toBoolean(),
@@ -148,19 +144,22 @@ export default class ManualJournalsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
   /**
    * Manual journals list validation schema.
    */
-  get manualJournalsListSchema() {
+  private get manualJournalsListSchema() {
     return [
       query('page').optional().isNumeric().toInt(),
       query('page_size').optional().isNumeric().toInt(),
       query('custom_view_id').optional().isNumeric().toInt(),
 
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('stringified_filter_roles').optional().isJSON(),
@@ -320,7 +319,7 @@ export default class ManualJournalsController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  getManualJournalsList = async (
+  private getManualJournalsList = async (
     req: Request,
     res: Response,
     next: NextFunction

packages/server/src/api/controllers/Media.ts

@@ -61,15 +61,14 @@ export default class MediaController extends BaseController {
 
   get uploadValidationSchema() {
     return [
-      // check('attachment'),
-      check('model_name').optional().trim().escape(),
-      check('model_id').optional().isNumeric().toInt(),
+      check('model_name').optional().trim(),
+      check('model_id').optional().isNumeric(),
     ];
   }
 
   get linkValidationSchema() {
     return [
-      check('model_name').exists().trim().escape(),
+      check('model_name').exists().trim(),
       check('model_id').exists().isNumeric().toInt(),
     ]
   }

packages/server/src/api/controllers/OneClickDemo/OneClickDemoController.ts

@@ -0,0 +1,87 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import { Service, Inject } from 'typedi';
+import { body } from 'express-validator';
+import asyncMiddleware from '@/api/middleware/asyncMiddleware';
+import BaseController from '@/api/controllers/BaseController';
+import { OneClickDemoApplication } from '@/services/OneClickDemo/OneClickDemoApplication';
+import config from '@/config';
+@Service()
+export class OneClickDemoController extends BaseController {
+  @Inject()
+  private oneClickDemoApp: OneClickDemoApplication;
+
+  /**
+   * Router constructor method.
+   */
+  router() {
+    const router = Router();
+
+    // Protects the endpoints if the feature is not enabled.
+    const protectMiddleware = (
+      req: Request,
+      res: Response,
+      next: NextFunction
+    ) => {
+      // Add your protection logic here
+      if (config.oneClickDemoAccounts) {
+        next();
+      } else {
+        res.status(403).send({ message: 'Forbidden' });
+      }
+    };
+    router.post(
+      '/one_click',
+      protectMiddleware,
+      asyncMiddleware(this.oneClickDemo.bind(this))
+    );
+    router.post(
+      '/one_click_signin',
+      [body('demo_id').exists()],
+      this.validationResult,
+      protectMiddleware,
+      asyncMiddleware(this.oneClickSignIn.bind(this))
+    );
+    return router;
+  }
+
+  /**
+   * One-click demo application.
+   * @param {Request} req -
+   * @param {Response} res -
+   * @param {NextFunction} next -
+   */
+  private async oneClickDemo(req: Request, res: Response, next: NextFunction) {
+    try {
+      const data = await this.oneClickDemoApp.createOneClick();
+
+      return res.status(200).send({
+        data,
+        message: 'The one-click demo has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Sign-in to one-click demo account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async oneClickSignIn(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { demoId } = this.matchedBodyData(req);
+
+    try {
+      const data = await this.oneClickDemoApp.autoSignIn(demoId);
+
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Organization.ts

@@ -6,6 +6,7 @@ import { check, ValidationChain } from 'express-validator';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
 import JWTAuth from '@/api/middleware/jwtAuth';
 import TenancyMiddleware from '@/api/middleware/TenancyMiddleware';
+import SubscriptionMiddleware from '@/api/middleware/SubscriptionMiddleware';
 import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
 import OrganizationService from '@/services/Organization/OrganizationService';
 import { MONTHS, ACCEPTED_LOCALES } from '@/services/Organization/constants';
@@ -17,7 +18,7 @@ import BaseController from '@/api/controllers/BaseController';
 @Service()
 export default class OrganizationController extends BaseController {
   @Inject()
-  private organizationService: OrganizationService;
+  organizationService: OrganizationService;
 
   /**
    * Router constructor.
@@ -25,10 +26,13 @@ export default class OrganizationController extends BaseController {
   router() {
     const router = Router();
 
+    // Should before build tenant database the user be authorized and
+    // most important than that, should be subscribed to any plan.
     router.use(JWTAuth);
     router.use(AttachCurrentTenantUser);
     router.use(TenancyMiddleware);
 
+    router.use('/build', SubscriptionMiddleware('main'));
     router.post(
       '/build',
       this.buildOrganizationValidationSchema,
@@ -58,7 +62,7 @@ export default class OrganizationController extends BaseController {
   private get commonOrganizationValidationSchema(): ValidationChain[] {
     return [
       check('name').exists().trim(),
-      check('industry').optional({ nullable: true }).isString().trim().escape(),
+      check('industry').optional({ nullable: true }).isString().trim(),
       check('location').exists().isString().isISO31661Alpha2(),
       check('base_currency').exists().isISO4217(),
       check('timezone').exists().isIn(moment.tz.names()),
@@ -83,11 +87,7 @@ export default class OrganizationController extends BaseController {
   private get updateOrganizationValidationSchema(): ValidationChain[] {
     return [
       ...this.commonOrganizationValidationSchema,
-      check('tax_number')
-        .optional({ nullable: true })
-        .isString()
-        .trim()
-        .escape(),
+      check('tax_number').optional({ nullable: true }).isString().trim(),
     ];
   }
 

packages/server/src/api/controllers/OrganizationDashboard.ts

@@ -33,17 +33,17 @@ export default class OrganizationDashboardController extends BaseController {
   }
 
   /**
-   *
-   * @param req
-   * @param res
-   * @param next
-   * @returns
+   * Detarmines whether the current authed organization to able to change its currency/.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
    */
   private async baseCurrencyMutateAbility(
     req: Request,
     res: Response,
     next: Function
-  ) {
+  ): Promise<Response|void> {
     const { tenantId } = req;
 
     try {

packages/server/src/api/controllers/Projects/Projects.ts

@@ -29,8 +29,7 @@ export class ProjectsController extends BaseController {
         check('cost_estimate').exists().isDecimal(),
       ],
       this.validationResult,
-      asyncMiddleware(this.createProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.createProject.bind(this))
     );
     router.post(
       '/:id',
@@ -43,8 +42,7 @@ export class ProjectsController extends BaseController {
         check('cost_estimate').exists().isDecimal(),
       ],
       this.validationResult,
-      asyncMiddleware(this.editProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.editProject.bind(this))
     );
     router.patch(
       '/:projectId/status',
@@ -56,16 +54,14 @@ export class ProjectsController extends BaseController {
           .isIn([IProjectStatus.InProgress, IProjectStatus.Closed]),
       ],
       this.validationResult,
-      asyncMiddleware(this.editProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.editProject.bind(this))
     );
     router.get(
       '/:id',
       CheckPolicies(ProjectAction.VIEW, AbilitySubject.Project),
       [param('id').exists().isInt().toInt()],
       this.validationResult,
-      asyncMiddleware(this.getProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.getProject.bind(this))
     );
     router.get(
       '/:projectId/billable/entries',
@@ -76,24 +72,21 @@ export class ProjectsController extends BaseController {
         query('to_date').optional().isISO8601(),
       ],
       this.validationResult,
-      asyncMiddleware(this.projectBillableEntries.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.projectBillableEntries.bind(this))
     );
     router.get(
       '/',
       CheckPolicies(ProjectAction.VIEW, AbilitySubject.Project),
       [],
       this.validationResult,
-      asyncMiddleware(this.getProjects.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.getProjects.bind(this))
     );
     router.delete(
       '/:id',
       CheckPolicies(ProjectAction.DELETE, AbilitySubject.Project),
       [param('id').exists().isInt().toInt()],
       this.validationResult,
-      asyncMiddleware(this.deleteProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.deleteProject.bind(this))
     );
     return router;
   }
@@ -252,22 +245,4 @@ export class ProjectsController extends BaseController {
       next(error);
     }
   };
-
-  /**
-   * Transforms service errors to response.
-   * @param {Error}
-   * @param {Request} req
-   * @param {Response} res
-   * @param {ServiceError} error
-   */
-  private catchServiceErrors(
-    error,
-    req: Request,
-    res: Response,
-    next: NextFunction
-  ) {
-    if (error instanceof ServiceError) {
-    }
-    next(error);
-  }
 }

packages/server/src/api/controllers/Purchases/Bills.ts

@@ -100,8 +100,8 @@ export default class BillsController extends BaseController {
    */
   private get billValidationSchema() {
     return [
-      check('bill_number').exists().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('bill_number').exists().trim(),
+      check('reference_no').optional().trim(),
       check('bill_date').exists().isISO8601(),
       check('due_date').optional().isISO8601(),
 
@@ -112,13 +112,12 @@ export default class BillsController extends BaseController {
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('project_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('is_inclusive_tax').default(false).isBoolean().toBoolean(),
 
       check('entries').isArray({ min: 1 }),
-
       check('entries.*.index').exists().isNumeric().toInt(),
       check('entries.*.item_id').exists().isNumeric().toInt(),
       check('entries.*.rate').exists().isNumeric().toFloat(),
@@ -127,10 +126,7 @@ export default class BillsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.landed_cost')
         .optional({ nullable: true })
         .isBoolean()
@@ -142,12 +138,14 @@ export default class BillsController extends BaseController {
       check('entries.*.tax_code')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isString(),
       check('entries.*.tax_rate_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -156,8 +154,8 @@ export default class BillsController extends BaseController {
    */
   private get billEditValidationSchema() {
     return [
-      check('bill_number').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('bill_number').optional().trim(),
+      check('reference_no').optional().trim(),
       check('bill_date').exists().isISO8601(),
       check('due_date').optional().isISO8601(),
 
@@ -168,7 +166,7 @@ export default class BillsController extends BaseController {
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('project_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('entries').isArray({ min: 1 }),
@@ -182,14 +180,14 @@ export default class BillsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.landed_cost')
         .optional({ nullable: true })
         .isBoolean()
         .toBoolean(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -217,8 +215,8 @@ export default class BillsController extends BaseController {
 
   private get dueBillsListingValidationSchema() {
     return [
-      query('vendor_id').optional().trim().escape(),
-      query('payment_made_id').optional().trim().escape(),
+      query('vendor_id').optional().trim(),
+      query('payment_made_id').optional().trim(),
     ];
   }
 
@@ -303,7 +301,7 @@ export default class BillsController extends BaseController {
     try {
       const bill = await this.billsApplication.getBill(tenantId, billId);
 
-      return res.status(200).send(this.transfromToResponse({ bill }));
+      return res.status(200).send({ bill });
     } catch (error) {
       next(error);
     }
@@ -348,14 +346,11 @@ export default class BillsController extends BaseController {
     };
 
     try {
-      const { bills, pagination, filterMeta } =
-        await this.billsApplication.getBills(tenantId, filter);
-
-      return res.status(200).send({
-        bills: this.transfromToResponse(bills),
-        pagination: this.transfromToResponse(pagination),
-        filter_meta: this.transfromToResponse(filterMeta),
-      });
+      const billsWithPagination = await this.billsApplication.getBills(
+        tenantId,
+        filter
+      );
+      return res.status(200).send(billsWithPagination);
     } catch (error) {
       next(error);
     }
@@ -563,6 +558,16 @@ export default class BillsController extends BaseController {
           errors: [{ type: 'ITEM_ENTRY_TAX_RATE_ID_NOT_FOUND', code: 1900 }],
         });
       }
+      if (error.errorType === 'BILL_AMOUNT_SMALLER_THAN_PAID_AMOUNT') {
+        return res.boom.badRequest(null, {
+          errors: [
+            {
+              type: 'BILL_AMOUNT_SMALLER_THAN_PAID_AMOUNT',
+              code: 2000,
+            },
+          ],
+        });
+      }
     }
     next(error);
   }

packages/server/src/api/controllers/Purchases/BillsPayments.ts

@@ -111,17 +111,21 @@ export default class BillsPayments extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
+      check('amount').exists().isNumeric().toFloat(),
       check('payment_account_id').exists().isNumeric().toInt(),
-      check('payment_number').optional({ nullable: true }).trim().escape(),
+      check('payment_number').optional({ nullable: true }).trim(),
       check('payment_date').exists(),
-      check('statement').optional().trim().escape(),
-      check('reference').optional().trim().escape(),
+      check('statement').optional().trim(),
+      check('reference').optional().trim(),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('entries').exists().isArray({ min: 1 }),
+      check('entries').exists().isArray(),
       check('entries.*.index').optional().isNumeric().toInt(),
       check('entries.*.bill_id').exists().isNumeric().toInt(),
       check('entries.*.payment_amount').exists().isNumeric().toFloat(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -158,15 +162,11 @@ export default class BillsPayments extends BaseController {
     const { tenantId } = req;
     const { vendorId } = this.matchedQueryData(req);
 
-    try {
-      const entries = await this.billPaymentsPages.getNewPageEntries(
-        tenantId,
-        vendorId
-      );
-      return res.status(200).send({
-        entries: this.transfromToResponse(entries),
-      });
-    } catch (error) {}
+    const entries = await this.billPaymentsPages.getNewPageEntries(
+      tenantId,
+      vendorId
+    );
+    return res.status(200).send({ entries });
   }
 
   /**
@@ -183,16 +183,12 @@ export default class BillsPayments extends BaseController {
     const { id: paymentReceiveId } = req.params;
 
     try {
-      const { billPayment, entries } =
+      const billPaymentsWithEditEntries =
         await this.billPaymentsPages.getBillPaymentEditPage(
           tenantId,
           paymentReceiveId
         );
-
-      return res.status(200).send({
-        bill_payment: this.transfromToResponse(billPayment),
-        entries: this.transfromToResponse(entries),
-      });
+      return res.status(200).send(billPaymentsWithEditEntries);
     } catch (error) {
       next(error);
     }
@@ -304,9 +300,7 @@ export default class BillsPayments extends BaseController {
         tenantId,
         billPaymentId
       );
-      return res.status(200).send({
-        bill_payment: this.transfromToResponse(billPayment),
-      });
+      return res.status(200).send({ billPayment });
     } catch (error) {
       next(error);
     }
@@ -359,17 +353,12 @@ export default class BillsPayments extends BaseController {
     };
 
     try {
-      const { billPayments, pagination, filterMeta } =
+      const billPaymentsWithPagination =
         await this.billPaymentsApplication.getBillPayments(
           tenantId,
           billPaymentsFilter
         );
-
-      return res.status(200).send({
-        bill_payments: this.transfromToResponse(billPayments),
-        pagination: this.transfromToResponse(pagination),
-        filter_meta: this.transfromToResponse(filterMeta),
-      });
+      return res.status(200).send(billPaymentsWithPagination);
     } catch (error) {
       next(error);
     }

packages/server/src/api/controllers/Purchases/VendorCredit.ts

@@ -156,13 +156,10 @@ export default class VendorCreditController extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
-      check('vendor_credit_number')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
-      check('reference_no').optional().trim().escape(),
+      check('vendor_credit_number').optional({ nullable: true }).trim(),
+      check('reference_no').optional().trim(),
       check('vendor_credit_date').exists().isISO8601().toDate(),
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -178,14 +175,14 @@ export default class VendorCreditController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -199,13 +196,10 @@ export default class VendorCreditController extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
-      check('vendor_credit_number')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
-      check('reference_no').optional().trim().escape(),
+      check('vendor_credit_number').optional({ nullable: true }).trim(),
+      check('reference_no').optional().trim(),
       check('vendor_credit_date').exists().isISO8601().toDate(),
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -220,14 +214,14 @@ export default class VendorCreditController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -297,8 +291,7 @@ export default class VendorCreditController extends BaseController {
     try {
       const vendorCredit = await this.createVendorCreditService.newVendorCredit(
         tenantId,
-        vendorCreditCreateDTO,
-        user
+        vendorCreditCreateDTO
       );
 
       return res.status(200).send({
@@ -320,20 +313,19 @@ export default class VendorCreditController extends BaseController {
     res: Response,
     next: NextFunction
   ) => {
-    const { id: billId } = req.params;
+    const { id: vendorCreditId } = req.params;
     const { tenantId, user } = req;
     const vendorCreditEditDTO: IVendorCreditEditDTO = this.matchedBodyData(req);
 
     try {
       await this.editVendorCreditService.editVendorCredit(
         tenantId,
-        billId,
-        vendorCreditEditDTO,
-        user
+        vendorCreditId,
+        vendorCreditEditDTO
       );
 
       return res.status(200).send({
-        id: billId,
+        id: vendorCreditId,
         message: 'The vendor credit has been edited successfully.',
       });
     } catch (error) {

packages/server/src/api/controllers/Resources.ts

@@ -18,9 +18,7 @@ export default class ResourceController extends BaseController {
 
     router.get(
       '/:resource_model/meta',
-      [
-        param('resource_model').exists().trim().escape()
-      ],
+      [param('resource_model').exists().trim()],
       this.asyncMiddleware(this.resourceMeta.bind(this)),
       this.handleServiceErrors
     );
@@ -48,9 +46,7 @@ export default class ResourceController extends BaseController {
         resourceModel
       );
       return res.status(200).send({
-        resource_meta: this.transfromToResponse(
-          resourceMeta,
-        ),
+        resource_meta: this.transfromToResponse(resourceMeta),
       });
     } catch (error) {
       next(error);

packages/server/src/api/controllers/Sales/CreditNotes.ts

@@ -26,6 +26,7 @@ import GetCreditNoteAssociatedInvoicesToApply from '@/services/CreditNotes/GetCr
 import GetCreditNoteAssociatedAppliedInvoices from '@/services/CreditNotes/GetCreditNoteAssociatedAppliedInvoices';
 import GetRefundCreditTransaction from '@/services/CreditNotes/GetRefundCreditNoteTransaction';
 import GetCreditNotePdf from '../../../services/CreditNotes/GetCreditNotePdf';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
 /**
  * Credit notes controller.
  * @service
@@ -209,9 +210,9 @@ export default class PaymentReceivesController extends BaseController {
 
       check('credit_note_date').exists().isISO8601().toDate(),
       check('reference_no').optional(),
-      check('credit_note_number').optional({ nullable: true }).trim().escape(),
-      check('note').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
+      check('credit_note_number').optional({ nullable: true }).trim(),
+      check('note').optional().trim(),
+      check('terms_conditions').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -227,14 +228,14 @@ export default class PaymentReceivesController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -293,7 +294,7 @@ export default class PaymentReceivesController extends BaseController {
     return [
       check('from_account_id').exists().isNumeric().toInt(),
       check('description').optional(),
-      
+
       check('amount').exists().isNumeric().toFloat(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
@@ -337,8 +338,7 @@ export default class PaymentReceivesController extends BaseController {
     try {
       const creditNote = await this.createCreditNoteService.newCreditNote(
         tenantId,
-        creditNoteDTO,
-        user
+        creditNoteDTO
       );
       return res.status(200).send({
         id: creditNote.id,
@@ -438,7 +438,7 @@ export default class PaymentReceivesController extends BaseController {
   };
 
   /**
-   * Retrieve the payment receive details.
+   * Retrieve the credit note details.
    * @param {Request} req
    * @param {Response} res
    * @param {NextFunction} next
@@ -451,38 +451,28 @@ export default class PaymentReceivesController extends BaseController {
     const { tenantId } = req;
     const { id: creditNoteId } = req.params;
 
-    try {
+    const accept = this.accepts(req);
+
+    const acceptType = accept.types([
+      ACCEPT_TYPE.APPLICATION_JSON,
+      ACCEPT_TYPE.APPLICATION_PDF,
+    ]);
+    if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+      const pdfContent = await this.creditNotePdf.getCreditNotePdf(
+        tenantId,
+        creditNoteId
+      );
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
+      });
+      res.send(pdfContent);
+    } else {
       const creditNote = await this.getCreditNoteService.getCreditNote(
         tenantId,
         creditNoteId
       );
-      const ACCEPT_TYPE = {
-        APPLICATION_PDF: 'application/pdf',
-        APPLICATION_JSON: 'application/json',
-      };
-      // Response formatter.
-      res.format({
-        // Json content type.
-        [ACCEPT_TYPE.APPLICATION_JSON]: () => {
-          return res
-            .status(200)
-            .send({ credit_note: this.transfromToResponse(creditNote) });
-        },
-        // Pdf content type.
-        [ACCEPT_TYPE.APPLICATION_PDF]: async () => {
-          const pdfContent = await this.creditNotePdf.getCreditNotePdf(
-            tenantId,
-            creditNote
-          );
-          res.set({
-            'Content-Type': 'application/pdf',
-            'Content-Length': pdfContent.length,
-          });
-          res.send(pdfContent);
-        },
-      });
-    } catch (error) {
-      next(error);
+      return res.status(200).send({ creditNote });
     }
   };
 

packages/server/src/api/controllers/Sales/PaymentReceives.ts

@@ -9,11 +9,12 @@ import {
 } from '@/interfaces';
 import BaseController from '@/api/controllers/BaseController';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
-import PaymentReceivesPages from '@/services/Sales/PaymentReceives/PaymentReceivesPages';
+import PaymentsReceivedPages from '@/services/Sales/PaymentReceived/PaymentsReceivedPages';
+import { PaymentReceivesApplication } from '@/services/Sales/PaymentReceived/PaymentReceivedApplication';
 import DynamicListingService from '@/services/DynamicListing/DynamicListService';
-import { PaymentReceivesApplication } from '@/services/Sales/PaymentReceives/PaymentReceivesApplication';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { ServiceError } from '@/exceptions';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
 
 @Service()
 export default class PaymentReceivesController extends BaseController {
@@ -21,7 +22,7 @@ export default class PaymentReceivesController extends BaseController {
   private paymentReceiveApplication: PaymentReceivesApplication;
 
   @Inject()
-  private PaymentReceivesPages: PaymentReceivesPages;
+  private PaymentsReceivedPages: PaymentsReceivedPages;
 
   @Inject()
   private dynamicListService: DynamicListingService;
@@ -149,20 +150,23 @@ export default class PaymentReceivesController extends BaseController {
       check('customer_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
+      check('amount').exists().isNumeric().toFloat(),
       check('payment_date').exists(),
       check('reference_no').optional(),
       check('deposit_account_id').exists().isNumeric().toInt(),
-      check('payment_receive_no').optional({ nullable: true }).trim().escape(),
-      check('statement').optional().trim().escape(),
+      check('payment_receive_no').optional({ nullable: true }).trim(),
+      check('statement').optional().trim(),
 
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('entries').isArray({ min: 1 }),
-
+      check('entries').isArray({}),
       check('entries.*.id').optional({ nullable: true }).isNumeric().toInt(),
       check('entries.*.index').optional().isNumeric().toInt(),
       check('entries.*.invoice_id').exists().isNumeric().toInt(),
       check('entries.*.payment_amount').exists().isNumeric().toFloat(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -172,7 +176,6 @@ export default class PaymentReceivesController extends BaseController {
   private get validatePaymentReceiveList(): ValidationChain[] {
     return [
       query('stringified_filter_roles').optional().isJSON(),
-
       query('view_slug').optional({ nullable: true }).isString().trim(),
 
       query('column_sort_by').optional(),
@@ -226,7 +229,7 @@ export default class PaymentReceivesController extends BaseController {
 
     try {
       const storedPaymentReceive =
-        await this.paymentReceiveApplication.createPaymentReceive(
+        await this.paymentReceiveApplication.createPaymentReceived(
           tenantId,
           paymentReceive,
           user
@@ -348,17 +351,12 @@ export default class PaymentReceivesController extends BaseController {
     };
 
     try {
-      const { paymentReceives, pagination, filterMeta } =
+      const paymentsReceivedWithPagination =
         await this.paymentReceiveApplication.getPaymentReceives(
           tenantId,
           filter
         );
-
-      return res.status(200).send({
-        payment_receives: this.transfromToResponse(paymentReceives),
-        pagination: this.transfromToResponse(pagination),
-        filter_meta: this.transfromToResponse(filterMeta),
-      });
+      return res.status(200).send(paymentsReceivedWithPagination);
     } catch (error) {
       next(error);
     }
@@ -378,7 +376,7 @@ export default class PaymentReceivesController extends BaseController {
     const { customerId } = this.matchedQueryData(req);
 
     try {
-      const entries = await this.PaymentReceivesPages.getNewPageEntries(
+      const entries = await this.PaymentsReceivedPages.getNewPageEntries(
         tenantId,
         customerId
       );
@@ -406,7 +404,7 @@ export default class PaymentReceivesController extends BaseController {
 
     try {
       const { paymentReceive, entries } =
-        await this.PaymentReceivesPages.getPaymentReceiveEditPage(
+        await this.PaymentsReceivedPages.getPaymentReceiveEditPage(
           tenantId,
           paymentReceiveId,
           user
@@ -435,37 +433,34 @@ export default class PaymentReceivesController extends BaseController {
     const { tenantId } = req;
     const { id: paymentReceiveId } = req.params;
 
-    try {
-      const ACCEPT_TYPE = {
-        APPLICATION_PDF: 'application/pdf',
-        APPLICATION_JSON: 'application/json',
-      };
-      res.format({
-        [ACCEPT_TYPE.APPLICATION_JSON]: async () => {
-          const paymentReceive =
-            await this.paymentReceiveApplication.getPaymentReceive(
-              tenantId,
-              paymentReceiveId
-            );
-          return res.status(200).send({
-            payment_receive: paymentReceive,
-          });
-        },
-        [ACCEPT_TYPE.APPLICATION_PDF]: async () => {
-          const pdfContent =
-            await this.paymentReceiveApplication.getPaymentReceivePdf(
-              tenantId,
-              paymentReceiveId
-            );
-          res.set({
-            'Content-Type': 'application/pdf',
-            'Content-Length': pdfContent.length,
-          });
-          res.send(pdfContent);
-        },
+    const accept = this.accepts(req);
+
+    const acceptType = accept.types([
+      ACCEPT_TYPE.APPLICATION_JSON,
+      ACCEPT_TYPE.APPLICATION_PDF,
+    ]);
+    // Response in pdf format.
+    if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+      const pdfContent =
+        await this.paymentReceiveApplication.getPaymentReceivePdf(
+          tenantId,
+          paymentReceiveId
+        );
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
+      });
+      res.send(pdfContent);
+      // Response in json format.
+    } else {
+      const paymentReceive =
+        await this.paymentReceiveApplication.getPaymentReceive(
+          tenantId,
+          paymentReceiveId
+        );
+      return res.status(200).send({
+        payment_receive: paymentReceive,
       });
-    } catch (error) {
-      next(error);
     }
   }
 
@@ -499,7 +494,7 @@ export default class PaymentReceivesController extends BaseController {
   };
 
   /**
-   *
+   * Retrieves the sms details of the given payment receive.
    * @param {Request} req
    * @param {Response} res
    * @param {NextFunction} next
@@ -588,10 +583,10 @@ export default class PaymentReceivesController extends BaseController {
 
   /**
    * Handles service errors.
-   * @param error
-   * @param req
-   * @param res
-   * @param next
+   * @param {Error} error
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
    */
   private handleServiceErrors(
     error: Error,

packages/server/src/api/controllers/Sales/SalesEstimates.ts

@@ -155,7 +155,7 @@ export default class SalesEstimatesController extends BaseController {
       check('estimate_date').exists().isISO8601().toDate(),
       check('expiration_date').exists().isISO8601().toDate(),
       check('reference').optional(),
-      check('estimate_number').optional().trim().escape(),
+      check('estimate_number').optional().trim(),
       check('delivered').default(false).isBoolean().toBoolean(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
@@ -170,8 +170,7 @@ export default class SalesEstimatesController extends BaseController {
       check('entries.*.rate').exists().isNumeric().toFloat(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.discount')
         .optional({ nullable: true })
         .isNumeric()
@@ -181,9 +180,12 @@ export default class SalesEstimatesController extends BaseController {
         .isNumeric()
         .toInt(),
 
-      check('note').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
-      check('send_to_email').optional().trim().escape(),
+      check('note').optional().trim(),
+      check('terms_conditions').optional().trim(),
+      check('send_to_email').optional().trim(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -334,7 +336,6 @@ export default class SalesEstimatesController extends BaseController {
         tenantId,
         estimateId
       );
-
       return res.status(200).send({
         id: estimateId,
         message: 'The sale estimate has been approved successfully.',
@@ -363,7 +364,6 @@ export default class SalesEstimatesController extends BaseController {
         tenantId,
         estimateId
       );
-
       return res.status(200).send({
         id: estimateId,
         message: 'The sale estimate has been rejected successfully.',
@@ -383,33 +383,30 @@ export default class SalesEstimatesController extends BaseController {
     const { id: estimateId } = req.params;
     const { tenantId } = req;
 
-    try {
-      // Response formatter.
-      res.format({
-        // JSON content type.
-        [ACCEPT_TYPE.APPLICATION_JSON]: async () => {
-          const estimate = await this.saleEstimatesApplication.getSaleEstimate(
-            tenantId,
-            estimateId
-          );
-          return res.status(200).send({ estimate });
-        },
-        // PDF content type.
-        [ACCEPT_TYPE.APPLICATION_PDF]: async () => {
-          const pdfContent =
-            await this.saleEstimatesApplication.getSaleEstimatePdf(
-              tenantId,
-              estimateId
-            );
-          res.set({
-            'Content-Type': 'application/pdf',
-            'Content-Length': pdfContent.length,
-          });
-          res.send(pdfContent);
-        },
+    const accept = this.accepts(req);
+
+    const acceptType = accept.types([
+      ACCEPT_TYPE.APPLICATION_JSON,
+      ACCEPT_TYPE.APPLICATION_PDF,
+    ]);
+    // Retrieves estimate in pdf format.
+    if (ACCEPT_TYPE.APPLICATION_PDF == acceptType) {
+      const pdfContent = await this.saleEstimatesApplication.getSaleEstimatePdf(
+        tenantId,
+        estimateId
+      );
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
       });
-    } catch (error) {
-      next(error);
+      res.send(pdfContent);
+      // Retrieves estimates in json format.
+    } else {
+      const estimate = await this.saleEstimatesApplication.getSaleEstimate(
+        tenantId,
+        estimateId
+      );
+      return res.status(200).send({ estimate });
     }
   }
 
@@ -427,22 +424,11 @@ export default class SalesEstimatesController extends BaseController {
       pageSize: 12,
       ...this.matchedQueryData(req),
     };
-
     try {
-      const { salesEstimates, pagination, filterMeta } =
+      const salesEstimatesWithPagination =
         await this.saleEstimatesApplication.getSaleEstimates(tenantId, filter);
 
-      res.format({
-        [ACCEPT_TYPE.APPLICATION_JSON]: () => {
-          return res.status(200).send(
-            this.transfromToResponse({
-              salesEstimates,
-              pagination,
-              filterMeta,
-            })
-          );
-        },
-      });
+      return res.status(200).send(salesEstimatesWithPagination);
     } catch (error) {
       next(error);
     }

packages/server/src/api/controllers/Sales/SalesInvoices.ts

@@ -14,11 +14,8 @@ import {
 } from '@/interfaces';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { SaleInvoiceApplication } from '@/services/Sales/Invoices/SaleInvoicesApplication';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
 
-const ACCEPT_TYPE = {
-  APPLICATION_PDF: 'application/pdf',
-  APPLICATION_JSON: 'application/json',
-};
 @Service()
 export default class SaleInvoicesController extends BaseController {
   @Inject()
@@ -39,6 +36,8 @@ export default class SaleInvoicesController extends BaseController {
       [
         ...this.saleInvoiceValidationSchema,
         check('from_estimate_id').optional().isNumeric().toInt(),
+        check('attachments').isArray().optional(),
+        check('attachments.*.key').exists().isString(),
       ],
       this.validationResult,
       asyncMiddleware(this.newSaleInvoice.bind(this)),
@@ -101,6 +100,8 @@ export default class SaleInvoicesController extends BaseController {
       [
         ...this.saleInvoiceValidationSchema,
         ...this.specificSaleInvoiceValidation,
+        check('attachments').isArray().optional(),
+        check('attachments.*.key').exists().isString(),
       ],
       this.validationResult,
       asyncMiddleware(this.editSaleInvoice.bind(this)),
@@ -199,12 +200,12 @@ export default class SaleInvoicesController extends BaseController {
       check('customer_id').exists().isNumeric().toInt(),
       check('invoice_date').exists().isISO8601().toDate(),
       check('due_date').exists().isISO8601().toDate(),
-      check('invoice_no').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('invoice_no').optional().trim(),
+      check('reference_no').optional().trim(),
       check('delivered').default(false).isBoolean().toBoolean(),
 
-      check('invoice_message').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
+      check('invoice_message').optional().trim(),
+      check('terms_conditions').optional().trim(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
@@ -225,12 +226,10 @@ export default class SaleInvoicesController extends BaseController {
         .toFloat(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.tax_code')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isString(),
       check('entries.*.tax_rate_id')
         .optional({ nullable: true })
@@ -403,7 +402,6 @@ export default class SaleInvoicesController extends BaseController {
         saleInvoiceId,
         user
       );
-
       return res.status(200).send({
         id: saleInvoiceId,
         message: 'The sale invoice has been deleted successfully.',
@@ -422,30 +420,32 @@ export default class SaleInvoicesController extends BaseController {
     const { id: saleInvoiceId } = req.params;
     const { tenantId, user } = req;
 
-    // Response formatter.
-    return res.format({
-      // JSON content type.
-      [ACCEPT_TYPE.APPLICATION_JSON]: async () => {
-        const saleInvoice = await this.saleInvoiceApplication.getSaleInvoice(
-          tenantId,
-          saleInvoiceId,
-          user
-        );
-        return res.status(200).send(this.transfromToResponse({ saleInvoice }));
-      },
-      // PDF content type.
-      [ACCEPT_TYPE.APPLICATION_PDF]: async () => {
-        const pdfContent = await this.saleInvoiceApplication.saleInvoicePdf(
-          tenantId,
-          saleInvoiceId
-        );
-        res.set({
-          'Content-Type': 'application/pdf',
-          'Content-Length': pdfContent.length,
-        });
-        res.send(pdfContent);
-      },
-    });
+    const accept = this.accepts(req);
+
+    const acceptType = accept.types([
+      ACCEPT_TYPE.APPLICATION_JSON,
+      ACCEPT_TYPE.APPLICATION_PDF,
+    ]);
+    // Retrieves invoice in pdf format.
+    if (ACCEPT_TYPE.APPLICATION_PDF == acceptType) {
+      const pdfContent = await this.saleInvoiceApplication.saleInvoicePdf(
+        tenantId,
+        saleInvoiceId
+      );
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
+      });
+      res.send(pdfContent);
+      // Retrieves invoice in json format.
+    } else {
+      const saleInvoice = await this.saleInvoiceApplication.getSaleInvoice(
+        tenantId,
+        saleInvoiceId,
+        user
+      );
+      return res.status(200).send({ saleInvoice });
+    }
   }
   /**
    * Retrieve paginated sales invoices with custom view metadata.
@@ -467,14 +467,10 @@ export default class SaleInvoicesController extends BaseController {
       ...this.matchedQueryData(req),
     };
     try {
-      const { salesInvoices, filterMeta, pagination } =
+      const salesInvoicesWithPagination =
         await this.saleInvoiceApplication.getSaleInvoices(tenantId, filter);
 
-      return res.status(200).send({
-        sales_invoices: this.transfromToResponse(salesInvoices),
-        pagination: this.transfromToResponse(pagination),
-        filter_meta: this.transfromToResponse(filterMeta),
-      });
+      return res.status(200).send(salesInvoicesWithPagination);
     } catch (error) {
       next(error);
     }
@@ -501,9 +497,7 @@ export default class SaleInvoicesController extends BaseController {
           tenantId,
           customerId
         );
-      return res.status(200).send({
-        sales_invoices: this.transfromToResponse(salesInvoices),
-      });
+      return res.status(200).send({ salesInvoices });
     } catch (error) {
       next(error);
     }
@@ -531,7 +525,6 @@ export default class SaleInvoicesController extends BaseController {
         invoiceId,
         writeoffDTO
       );
-
       return res.status(200).send({
         id: saleInvoice.id,
         message: 'The given sale invoice has been written-off successfully.',

packages/server/src/api/controllers/Sales/SalesReceipts.ts

@@ -3,12 +3,17 @@ import { body, check, param, query } from 'express-validator';
 import { Inject, Service } from 'typedi';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
 import BaseController from '../BaseController';
-import { ISaleReceiptDTO, SaleReceiptMailOpts, SaleReceiptMailOptsDTO } from '@/interfaces/SaleReceipt';
+import {
+  ISaleReceiptDTO,
+  SaleReceiptMailOpts,
+  SaleReceiptMailOptsDTO,
+} from '@/interfaces/SaleReceipt';
 import { ServiceError } from '@/exceptions';
 import DynamicListingService from '@/services/DynamicListing/DynamicListService';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { AbilitySubject, SaleReceiptAction } from '@/interfaces';
 import { SaleReceiptApplication } from '@/services/Sales/Receipts/SaleReceiptApplication';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
 
 @Service()
 export default class SalesReceiptsController extends BaseController {
@@ -62,9 +67,7 @@ export default class SalesReceiptsController extends BaseController {
     );
     router.get(
       '/:id/mail',
-      [
-        ...this.specificReceiptValidationSchema,
-      ],
+      [...this.specificReceiptValidationSchema],
       this.validationResult,
       asyncMiddleware(this.getSaleReceiptMail.bind(this)),
       this.handleServiceErrors
@@ -127,8 +130,8 @@ export default class SalesReceiptsController extends BaseController {
 
       check('deposit_account_id').exists().isNumeric().toInt(),
       check('receipt_date').exists().isISO8601(),
-      check('receipt_number').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('receipt_number').optional().trim(),
+      check('reference_no').optional().trim(),
       check('closed').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -147,14 +150,15 @@ export default class SalesReceiptsController extends BaseController {
         .toInt(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
-      check('receipt_message').optional().trim().escape(),
-      check('statement').optional().trim().escape(),
+      check('receipt_message').optional().trim(),
+      check('statement').optional().trim(),
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -228,7 +232,6 @@ export default class SalesReceiptsController extends BaseController {
         tenantId,
         saleReceiptId
       );
-
       return res.status(200).send({
         id: saleReceiptId,
         message: 'Sale receipt has been deleted successfully.',
@@ -317,15 +320,10 @@ export default class SalesReceiptsController extends BaseController {
       ...this.matchedQueryData(req),
     };
     try {
-      const { data, pagination, filterMeta } =
+      const salesReceiptsWithPagination =
         await this.saleReceiptsApplication.getSaleReceipts(tenantId, filter);
 
-      const response = this.transfromToResponse({
-        data,
-        pagination,
-        filterMeta,
-      });
-      return res.status(200).send(response);
+      return res.status(200).send(salesReceiptsWithPagination);
     } catch (error) {
       next(error);
     }
@@ -337,34 +335,34 @@ export default class SalesReceiptsController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  public async getSaleReceipt(req: Request, res: Response, next: NextFunction) {
+  public async getSaleReceipt(req: Request, res: Response) {
     const { id: saleReceiptId } = req.params;
     const { tenantId } = req;
 
-    try {
-      res.format({
-        'application/json': async () => {
-          const saleReceipt = await this.saleReceiptsApplication.getSaleReceipt(
-            tenantId,
-            saleReceiptId
-          );
-          return res.status(200).send({ saleReceipt });
-        },
-        'application/pdf': async () => {
-          const pdfContent =
-            await this.saleReceiptsApplication.getSaleReceiptPdf(
-              tenantId,
-              saleReceiptId
-            );
-          res.set({
-            'Content-Type': 'application/pdf',
-            'Content-Length': pdfContent.length,
-          });
-          res.send(pdfContent);
-        },
+    const accept = this.accepts(req);
+
+    const acceptType = accept.types([
+      ACCEPT_TYPE.APPLICATION_JSON,
+      ACCEPT_TYPE.APPLICATION_PDF,
+    ]);
+    // Retrieves receipt in pdf format.
+    if (ACCEPT_TYPE.APPLICATION_PDF == acceptType) {
+      const pdfContent = await this.saleReceiptsApplication.getSaleReceiptPdf(
+        tenantId,
+        saleReceiptId
+      );
+      res.set({
+        'Content-Type': 'application/pdf',
+        'Content-Length': pdfContent.length,
       });
-    } catch (error) {
-      next(error);
+      res.send(pdfContent);
+      // Retrieves receipt in json format.
+    } else {
+      const saleReceipt = await this.saleReceiptsApplication.getSaleReceipt(
+        tenantId,
+        saleReceiptId
+      );
+      return res.status(200).send({ saleReceipt });
     }
   }
 

packages/server/src/api/controllers/Settings/Settings.ts

@@ -52,10 +52,7 @@ export default class SettingsController extends BaseController {
    * Retrieve the application options from the storage.
    */
   private get getSettingsSchema() {
-    return [
-      query('key').optional().trim().escape(),
-      query('group').optional().trim().escape(),
-    ];
+    return [query('key').optional().trim(), query('group').optional().trim()];
   }
 
   /**

packages/server/src/api/controllers/Subscription/SubscriptionController.ts

@@ -0,0 +1,180 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import { Service, Inject } from 'typedi';
+import { body } from 'express-validator';
+import JWTAuth from '@/api/middleware/jwtAuth';
+import TenancyMiddleware from '@/api/middleware/TenancyMiddleware';
+import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
+import SubscriptionService from '@/services/Subscription/SubscriptionService';
+import asyncMiddleware from '@/api/middleware/asyncMiddleware';
+import BaseController from '../BaseController';
+import { LemonSqueezyService } from '@/services/Subscription/LemonSqueezyService';
+import { SubscriptionApplication } from '@/services/Subscription/SubscriptionApplication';
+
+@Service()
+export class SubscriptionController extends BaseController {
+  @Inject()
+  private subscriptionService: SubscriptionService;
+
+  @Inject()
+  private lemonSqueezyService: LemonSqueezyService;
+
+  @Inject()
+  private subscriptionApp: SubscriptionApplication;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.use(JWTAuth);
+    router.use(AttachCurrentTenantUser);
+    router.use(TenancyMiddleware);
+
+    router.post(
+      '/lemon/checkout_url',
+      [body('variantId').exists().trim()],
+      this.validationResult,
+      this.getCheckoutUrl.bind(this)
+    );
+    router.post('/cancel', asyncMiddleware(this.cancelSubscription.bind(this)));
+    router.post('/resume', asyncMiddleware(this.resumeSubscription.bind(this)));
+    router.post(
+      '/change',
+      [body('variant_id').exists().trim()],
+      this.validationResult,
+      asyncMiddleware(this.changeSubscriptionPlan.bind(this))
+    );
+    router.get('/', asyncMiddleware(this.getSubscriptions.bind(this)));
+
+    return router;
+  }
+
+  /**
+   * Retrieve all subscriptions of the authenticated user's tenant.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getSubscriptions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      const subscriptions = await this.subscriptionService.getSubscriptions(
+        tenantId
+      );
+      return res.status(200).send({ subscriptions });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the LemonSqueezy checkout url.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getCheckoutUrl(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { variantId } = this.matchedBodyData(req);
+    const { user } = req;
+
+    try {
+      const checkout = await this.lemonSqueezyService.getCheckout(
+        variantId,
+        user
+      );
+      return res.status(200).send(checkout);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Cancels the subscription of the current organization.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async cancelSubscription(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      await this.subscriptionApp.cancelSubscription(tenantId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The organization subscription has been canceled.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resumes the subscription of the current organization.
+   * @param {Request} req 
+   * @param {Response} res 
+   * @param {NextFunction} next 
+   * @returns {Promise<Response | null>}
+   */
+  private async resumeSubscription(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      await this.subscriptionApp.resumeSubscription(tenantId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The organization subscription has been resumed.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Changes the main subscription plan of the current organization.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  public async changeSubscriptionPlan(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const body = this.matchedBodyData(req);
+
+    try {
+      await this.subscriptionApp.changeSubscriptionPlan(
+        tenantId,
+        body.variantId
+      );
+      return res.status(200).send({
+        message: 'The subscription plan has been changed.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}