Merge pull request #641 from bigcapitalhq/fix-getting-sheet-columns

fix: Getting the sheet columns in import sheet

.all-contributorsrc

@@ -105,6 +105,60 @@
       "contributions": [
         "bug"
       ]
+    },
+    {
+      "login": "benpsnyder",
+      "name": "Ben Snyder",
+      "avatar_url": "https://avatars.githubusercontent.com/u/707567?v=4",
+      "profile": "https://snyder.tech",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "cloudsbird",
+      "name": "Vederis Leunardus",
+      "avatar_url": "https://avatars.githubusercontent.com/u/13505006?v=4",
+      "profile": "http://vederis.id",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ccantrell72",
+      "name": "Chris Cantrell",
+      "avatar_url": "https://avatars.githubusercontent.com/u/104120598?v=4",
+      "profile": "http://www.pivoten.com",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "oleynikd",
+      "name": "Denis",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3976868?v=4",
+      "profile": "https://github.com/oleynikd",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "mittalsam98",
+      "name": "Sachin Mittal",
+      "avatar_url": "https://avatars.githubusercontent.com/u/42431274?v=4",
+      "profile": "https://myself.vercel.app/",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "Champetaman",
+      "name": "Camilo Oviedo",
+      "avatar_url": "https://avatars.githubusercontent.com/u/64604272?v=4",
+      "profile": "https://www.camilooviedo.com/",
+      "contributions": [
+        "code"
+      ]
     }
   ],
   "contributorsPerLine": 7,

.env.example

@@ -48,6 +48,9 @@ SIGNUP_DISABLED=false
 SIGNUP_ALLOWED_DOMAINS=
 SIGNUP_ALLOWED_EMAILS=
 
+# Sign-up Email Confirmation
+SIGNUP_EMAIL_CONFIRMATION=false
+
 # API rate limit (points,duration,block duration).
 API_RATE_LIMIT=120,60,600
 
@@ -72,26 +75,17 @@ PLAID_ENV=sandbox
 # Your Plaid keys, which can be found in the Plaid Dashboard.
 # https://dashboard.plaid.com/account/keys
 PLAID_CLIENT_ID=
-PLAID_SECRET_DEVELOPMENT=
-PLAID_SECRET_SANDBOX=
-
+PLAID_SECRET=
 PLAID_LINK_WEBHOOK=
 
-# (Optional) Redirect URI settings section
-# Only required for OAuth redirect URI testing (not common on desktop):
-# Sandbox Mode:
-# Set the PLAID_SANDBOX_REDIRECT_URI below to 'http://localhost:3001/oauth-link'.
-# The OAuth redirect flow requires an endpoint on the developer's website
-# that the bank website should redirect to. You will also need to configure
-# this redirect URI for your client ID through the Plaid developer dashboard
-# at https://dashboard.plaid.com/team/api.
-# Development mode:
-# When running in development mode, you must use an https:// url.
-# You will need to configure this https:// redirect URI in the Plaid developer dashboard.
-# Instructions to create a self-signed certificate for localhost can be found at
-# https://github.com/plaid/pattern/blob/master/README.md#testing-oauth.
-# If your system is not set up to run localhost with https://, you will be unable to test
-# the OAuth in development and should leave the PLAID_DEVELOPMENT_REDIRECT_URI blank.
+# https://docs.lemonsqueezy.com/guides/developer-guide/getting-started#create-an-api-key
+LEMONSQUEEZY_API_KEY=
+LEMONSQUEEZY_STORE_ID=
+LEMONSQUEEZY_WEBHOOK_SECRET=
 
-PLAID_SANDBOX_REDIRECT_URI=
-PLAID_DEVELOPMENT_REDIRECT_URI=
+# S3 documents and attachments 
+S3_REGION=US
+S3_ACCESS_KEY_ID=
+S3_SECRET_ACCESS_KEY=
+S3_ENDPOINT=
+S3_BUCKET=

.github/workflows/build-deploy-container.yml

@@ -6,43 +6,66 @@ on:
   workflow_dispatch:
 
 env:
-  REGISTRY: ghcr.io
-  WEBAPP_IMAGE_NAME: bigcapital/bigcapital-webapp
-  SERVER_IMAGE_NAME: bigcapital/bigcapital-server
+  WEBAPP_IMAGE_NAME: bigcapitalhq/webapp
+  SERVER_IMAGE_NAME: bigcapitalhq/server
 
 jobs:
   build-publish-webapp:
+    strategy:
+      fail-fast: false
     name: Build and deploy webapp container
     runs-on: ubuntu-latest
     environment: production
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       # Login to Container registry.
       - name: Log in to the Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
-            registry: ${{ env.REGISTRY }}
-            username: ${{ github.actor }}
-            password: ${{ secrets.GH_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-            images: ${{ env.REGISTRY }}/${{ env.WEBAPP_IMAGE_NAME }}
+            images: ${{ env.WEBAPP_IMAGE_NAME }}
 
       # Builds and push the Docker image.
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
+        id: build
         with:
-            context: .
-            file: ./packages/webapp/Dockerfile
-            push: true
-            tags: ghcr.io/bigcapitalhq/webapp:latest
-            labels: ${{ steps.meta.outputs.labels }}
+          context: ./
+          file: ./packages/webapp/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: bigcapitalhq/webapp:latest, bigcapitalhq/webapp:${{github.ref_name}}
 
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-webapp
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
       # Send notification to Slack channel.
       - name: Slack Notification built and published webapp container successfully.
         uses: rtCamp/action-slack-notify@v2
@@ -53,29 +76,52 @@ jobs:
     name: Build and deploy server container
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       # Login to Container registry.
       - name: Log in to the Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GH_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       # Builds and push the Docker image.
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
+        id: build
         with:
           context: ./
           file: ./packages/server/Dockerfile
+          platforms: linux/amd64,linux/arm64
           push: true
-          tags: ghcr.io/bigcapitalhq/server:latest
+          tags: bigcapitalhq/server:latest, bigcapitalhq/server:${{github.ref_name}}
           labels: ${{ steps.meta.outputs.labels }}
 
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+  
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-server
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
       # Send notification to Slack channel.
       - name: Slack Notification built and published server container successfully.
         uses: rtCamp/action-slack-notify@v2
         env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/build-deploy-develop-container.yaml

@@ -0,0 +1,127 @@
+# This workflow will build a docker container, publish it to Github Registry.
+name: Build and Deploy Develop Docker Container
+on:
+  push:
+    branches:
+      - develop
+
+env:
+  WEBAPP_IMAGE_NAME: bigcapitalhq/webapp
+  SERVER_IMAGE_NAME: bigcapitalhq/server
+
+jobs:
+  build-publish-webapp:
+    strategy:
+      fail-fast: false
+    name: Build and deploy webapp container
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to Container registry.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.WEBAPP_IMAGE_NAME }}
+
+      # Builds and push the Docker image.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          context: ./
+          file: ./packages/webapp/Dockerfile
+          platforms: linux/amd64
+          push: true
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: bigcapitalhq/webapp:develop
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-webapp
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+      # Send notification to Slack channel.
+      - name: Slack Notification built and published webapp container successfully.
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+
+  build-publish-server:
+    name: Build and deploy server container
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to Container registry.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      # Builds and push the Docker image.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          context: ./
+          file: ./packages/server/Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: bigcapitalhq/server:develop
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-server
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+      # Send notification to Slack channel.
+      - name: Slack Notification built and published server container successfully.
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/e2e.yml

@@ -8,14 +8,14 @@ on:
       - '**.ts'
       - '**.tsx'
       - '**/tsconfig.json'
-      - 'yarn.lock'
+      - 'pnpm-lock.yaml'
       - '.github/workflows/e2e.yml'
   pull_request:
     paths:
       - '**.ts'
       - '**.tsx'
       - '**/tsconfig.json'
-      - 'yarn.lock'
+      - 'pnpm-lock.yaml'
       - '.github/workflows/e2e.yml'
 
 defaults:

.husky/commit-msg

@@ -1,4 +1,4 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
 
-yarn commitlint --edit 
+pnpx commitlint --edit 

CHANGELOG.md

@@ -2,6 +2,148 @@
 
 All notable changes to Bigcapital server-side will be in this file.
 
+## [0.19.4] - 18-08-2024
+
+* fix: Allow multi-lines to statements transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/594
+* feat: Add amount comparators to amount bank rule field by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/595
+* fix: Transaction type and description do not show in general ledger. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/596
+* fix: Refresh accounts and account transactions. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/597
+* fix: Typo payments made by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/598
+* fix: Typo categories list by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/600
+* fix: Autofill the quick created customer/vendor by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/601
+* fix: Remove views tabs from receipts list by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/602
+* fix: Typo payment receive messages by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/599
+* fix: Enhance Dropzone visual of  accept and reject modes by @Champetaman in https://github.com/bigcapitalhq/bigcapital/pull/603
+* fix:  Matching bank transactions should create associate payment transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/606
+* fix: Change Dropzone title and subtitle by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/607
+* fix: Inconsistance page size of paginated data tables by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/604
+* fix: Database connection lost error by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/611
+* fix: Language typos by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/613
+* Fix: Correctly display Date, Published At, and Created At in ExpenseDrawerHeader by @Champetaman in https://github.com/bigcapitalhq/bigcapital/pull/612
+* fix: Delete bank account with uncategorized transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/614
+* feat: activate/inactivate account from drawer details by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/615
+
+## [v0.18.0] - 10-08-2024
+
+* feat: Bank rules for automated categorization by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/511
+* feat: Categorize & match bank transaction by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/511
+* feat: Reconcile match transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/522
+* fix: Issues in matching transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/523
+* fix: Cashflow transactions types by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/524
+
+## [v0.17.5] - 17-06-2024
+
+* fix: Balance sheet and P/L nested accounts by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/501
+* fix: add space between buttons on floating actions bar by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/508
+* feat: Migrating to Envoy proxy instead of Nginx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/509
+* fix: Disable email confirmation does not work with invited users by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/497
+* feat: Setting up the date format in the whole system dates by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/506
+
+## [0.17.0] - 04-06-2024
+
+### New
+
+* feat: Upload and attach documents by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/461
+* feat: Export resource tables to pdf by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/460
+* feat: Build and deploy develop Docker container by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/476
+* feat: Internal docker virtual network by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/478
+
+### Fixes
+
+* fix: Skip send confirmation email if disabled by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/459
+* fix: Lemon Squeezy redirect to base url by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/479
+* fix: Organize Plaid env variables for development and sandbox envs by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/480
+* fix: Plaid syncs deposit imports as withdrawals by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/481
+* fix: Validate the s3 configures exist by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/482
+* fix: Run migrations only for initialized tenants by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/484
+
+## [0.16.16] - 
+
+* feat: handle http exceptions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/456
+* feat: add the missing Newrelic env vars to docker-compose.prod file by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/457
+* fix: add the signup email confirmation env var by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/458
+
+## [0.16.14] - 
+
+* fix: Typo in setup wizard by @ccantrell72 in https://github.com/bigcapitalhq/bigcapital/pull/440
+* fix: Showing the real mail address on email confirmation view by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/445
+* fix: Auto-increment setting parsing by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/453
+
+## [0.16.12] - 
+
+* feat: Create a manifest list for `webapp` Docker image and push it to DockerHub. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/436
+* feat: Combine arm64 and amd64 in one Github action runner by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/437
+
+## [0.16.11] - 06-05-2024
+
+### improvements
+
+* feat: Export resource data to csv, xlsx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/430
+* feat: User email verification after signing-up. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/426
+
+### Fixes
+* feat(repo): upgrade to latest lerna v8 and pnpm v9 by @benpsnyder in https://github.com/bigcapitalhq/bigcapital/pull/414
+* feat: Update Docker Build-Push Action and Add ARM64 Support by @cloudsbird in https://github.com/bigcapitalhq/bigcapital/pull/412
+* feat: Pushing docker containers by version tag by @cloudsbird in https://github.com/bigcapitalhq/bigcapital/pull/421
+
+## [0.16.10]
+
+* fix: Running migration Docker container on Windows by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/432
+
+## [0.16.9]
+
+* feat: New Relic for tracking by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/429
+
+## [0.16.8]
+
+* feat: Ability to enable/disable the bank connect feature by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/423
+
+## [0.16.6]
+
+* hotfix: fix the subscription plan when subscribe on cloud by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/422
+
+## [0.16.5]
+
+IMPORTANT: If you upgraded to the v0.16 recently you should upgrade to v0.16.4 as soon as possible, because there're some breaking changes affected the sign-in and some users reported couldn't sign-in.
+
+* feat: Seed free subscription to tenants that have no subscription. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/410
+
+## [0.16.3]
+
+* feat: Integrate Lemon Squeezy payment by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/402
+* feat: optimize the onboarding subscription experience. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/404
+* feat: subscription page content by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/405
+* feat: auto subscribe to free plan once signup on community version. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/406
+* chore: add default value to env variable by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/407
+* fix: absolute storage imports path. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/408
+
+## [0.16.0]
+
+* feat: add convert to invoice button on estimate drawer toolbar by @ANasouf in https://github.com/bigcapitalhq/bigcapital/pull/361
+* feat(webapp): add mark as delivered to action bar of invoice details … by @ANasouf in https://github.com/bigcapitalhq/bigcapital/pull/360
+* feat(webapp): Dialog to choose the bank service provider by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/378
+* feat: Categorize the bank synced transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/377
+* feat: uncategorize the cashflow transaction by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/381
+* Import resources from csv/xlsx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/382
+* feat(webapp): import resource UI by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/386
+* fix: import resources improvements by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/388
+* feat: add sample sheet to accounts and bank transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/389
+* fix: show the unique row value in the import preview by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/392
+* feat: advanced parser for numeric and boolean import values by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/394
+* feat: validate the given imported sheet whether is empty by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/395
+* feat: linking relation with id in importing by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/393
+* feat: Aggregate rows import by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/396
+* feat: clean up the imported temp files by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/400
+* feat: add hints to import fields by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/401
+
+## [0.15.0]
+
+* feat: Printing financial reports by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/363
+* feat: Convert invoice status after sending mail notification by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/332
+* feat: Bigcapital <> Plaid Integration by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/346
+* fix: Broken transactions by vendor report by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/369
+* fix: Optimize the print style some financial reports by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/370
+
 ## [0.14.0] - 30-01-2024
 
 * feat: purchases by items exporting by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/327

README.md

@@ -1,6 +1,6 @@
 <p align="center">
   <p align="center">
-    <a href="https://bigcapital.ly" target="_blank">
+    <a href="https://bigcapital.app" target="_blank">
       <img src="https://raw.githubusercontent.com/abouolia/blog/main/public/bigcapital.svg" alt="Bigcapital" width="280" height="75">
     </a>
   </p>
@@ -25,6 +25,10 @@
       <img src="https://img.shields.io/twitter/follow/bigcapitalhq?style=social" alt="twitter" />
     </a>
   </p>
+
+  <p align="center">
+    <a href="https://my.bigcapital.app">Bigcapital Cloud</a>
+  </p>
 </p>
 
 # What's Bigcapital?
@@ -47,7 +51,7 @@ Bigcapital is available open-source under AGPL license. You can host it on your
 
 ### Docker
 
-To get started with self-hosted with Docker and Docker Compose, take a look at the [Docker guide](https://docs.bigcapital.ly/deployment/docker).
+To get started with self-hosted with Docker and Docker Compose, take a look at the [Docker guide](https://docs.bigcapital.app/deployment/docker).
 
 ## Development
 
@@ -70,7 +74,7 @@ You can integrate Bigcapital API with your system to organize your transactions
 
 # Resources
 
-- [Documentation](https://docs.bigcapital.ly/) - Learn how to use.
+- [Documentation](https://docs.bigcapital.app/) - Learn how to use.
 - [Contribution](https://github.com/bigcapitalhq/bigcapital/blob/develop/CONTRIBUTING.md) - Welcome to any contributions.
 - [Discord](https://discord.com/invite/c8nPBJafeb) - Ask for help.
 - [Bug Tracker](https://github.com/bigcapitalhq/bigcapital/issues) - Notify us new bugs.
@@ -118,6 +122,14 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/ANasouf"><img src="https://avatars.githubusercontent.com/u/19536487?v=4?s=100" width="100px;" alt="ANasouf"/><br /><sub><b>ANasouf</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=ANasouf" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://ragnarlaud.dev"><img src="https://avatars.githubusercontent.com/u/3042904?v=4?s=100" width="100px;" alt="Ragnar Laud"/><br /><sub><b>Ragnar Laud</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Axprnio" title="Bug reports">🐛</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/asenawritescode"><img src="https://avatars.githubusercontent.com/u/67445192?v=4?s=100" width="100px;" alt="Asena"/><br /><sub><b>Asena</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Aasenawritescode" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://snyder.tech"><img src="https://avatars.githubusercontent.com/u/707567?v=4?s=100" width="100px;" alt="Ben Snyder"/><br /><sub><b>Ben Snyder</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=benpsnyder" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://vederis.id"><img src="https://avatars.githubusercontent.com/u/13505006?v=4?s=100" width="100px;" alt="Vederis Leunardus"/><br /><sub><b>Vederis Leunardus</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=cloudsbird" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://www.pivoten.com"><img src="https://avatars.githubusercontent.com/u/104120598?v=4?s=100" width="100px;" alt="Chris Cantrell"/><br /><sub><b>Chris Cantrell</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Accantrell72" title="Bug reports">🐛</a></td>
+    </tr>
+    <tr>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/oleynikd"><img src="https://avatars.githubusercontent.com/u/3976868?v=4?s=100" width="100px;" alt="Denis"/><br /><sub><b>Denis</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Aoleynikd" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://myself.vercel.app/"><img src="https://avatars.githubusercontent.com/u/42431274?v=4?s=100" width="100px;" alt="Sachin Mittal"/><br /><sub><b>Sachin Mittal</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Amittalsam98" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://www.camilooviedo.com/"><img src="https://avatars.githubusercontent.com/u/64604272?v=4?s=100" width="100px;" alt="Camilo Oviedo"/><br /><sub><b>Camilo Oviedo</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=Champetaman" title="Code">💻</a></td>
     </tr>
   </tbody>
 </table>

docker-compose.prod.yml

@@ -3,38 +3,31 @@
 version: '3.3'
 
 services:
-  nginx:
-    container_name: bigcapital-nginx-gateway
-    build:
-      context: ./docker/nginx
-      args:
-        - SERVER_PROXY_PORT=3000
-        - WEB_SSL=false
-        - SELF_SIGNED=false
-    volumes:
-      - ./data/logs/nginx/:/var/log/nginx
-      - ./docker/certbot/certs/:/var/certs
+  proxy:
+    image: envoyproxy/envoy:v1.30-latest
+    depends_on:
+      - server
+      - webapp
     ports:
       - '${PUBLIC_PROXY_PORT:-80}:80'
       - '${PUBLIC_PROXY_SSL_PORT:-443}:443'
     tty: true
-    depends_on:
-      - server
-      - webapp
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    volumes:
+      - ./docker/envoy/envoy.yaml:/etc/envoy/envoy.yaml
+    restart: on-failure
+    networks:
+      - bigcapital_network
 
   webapp:
     container_name: bigcapital-webapp
-    image: ghcr.io/bigcapitalhq/webapp:latest
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    image: bigcapitalhq/webapp:latest
+    restart: on-failure
+    networks:
+      - bigcapital_network
 
   server:
     container_name: bigcapital-server
-    image: ghcr.io/bigcapitalhq/server:latest
+    image: bigcapitalhq/server:latest
     expose:
       - '3000'
     links:
@@ -45,9 +38,9 @@ services:
       - mysql
       - mongo
       - redis
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
+    networks:
+      - bigcapital_network
     environment:
       # Mail
       - MAIL_HOST=${MAIL_HOST}
@@ -88,10 +81,48 @@ services:
       - SIGNUP_ALLOWED_DOMAINS=${SIGNUP_ALLOWED_DOMAINS}
       - SIGNUP_ALLOWED_EMAILS=${SIGNUP_ALLOWED_EMAILS}
 
+      # Sign-up email confirmation
+      - SIGNUP_EMAIL_CONFIRMATION=${SIGNUP_EMAIL_CONFIRMATION}
+
       # Gotenberg (Pdf generator)
       - GOTENBERG_URL=${GOTENBERG_URL}
       - GOTENBERG_DOCS_URL=${GOTENBERG_DOCS_URL}
 
+      # Exchange Rate
+      - EXCHANGE_RATE_SERVICE=${EXCHANGE_RATE_SERVICE}
+      - OPEN_EXCHANGE_RATE_APP_ID-${OPEN_EXCHANGE_RATE_APP_ID}
+
+      # Bank Sync
+      - BANKING_CONNECT=${BANKING_CONNECT}
+
+      # Plaid
+      - PLAID_ENV=${PLAID_ENV}
+      - PLAID_CLIENT_ID=${PLAID_CLIENT_ID}
+      - PLAID_SECRET=${PLAID_SECRET}
+      - PLAID_LINK_WEBHOOK=${PLAID_LINK_WEBHOOK}
+
+      # Lemon Squeez
+      - LEMONSQUEEZY_API_KEY=${LEMONSQUEEZY_API_KEY}
+      - LEMONSQUEEZY_STORE_ID=${LEMONSQUEEZY_STORE_ID}
+      - LEMONSQUEEZY_WEBHOOK_SECRET=${LEMONSQUEEZY_WEBHOOK_SECRET}
+      - HOSTED_ON_BIGCAPITAL_CLOUD=${HOSTED_ON_BIGCAPITAL_CLOUD}
+
+      # New Relic matrics tracking.
+      - NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=${NEW_RELIC_DISTRIBUTED_TRACING_ENABLED}
+      - NEW_RELIC_LOG=${NEW_RELIC_LOG}
+      - NEW_RELIC_AI_MONITORING_ENABLED=${NEW_RELIC_AI_MONITORING_ENABLED}
+      - NEW_RELIC_CUSTOM_INSIGHTS_EVENTS_MAX_SAMPLES_STORED=${NEW_RELIC_CUSTOM_INSIGHTS_EVENTS_MAX_SAMPLES_STORED}
+      - NEW_RELIC_SPAN_EVENTS_MAX_SAMPLES_STORED=${NEW_RELIC_SPAN_EVENTS_MAX_SAMPLES_STORED}
+      - NEW_RELIC_LICENSE_KEY=${NEW_RELIC_LICENSE_KEY}
+      - NEW_RELIC_APP_NAME=${NEW_RELIC_APP_NAME}
+
+      # S3
+      - S3_REGION=${S3_REGION}
+      - S3_ACCESS_KEY_ID=${S3_ACCESS_KEY_ID}
+      - S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY}
+      - S3_ENDPOINT=${S3_ENDPOINT}
+      - S3_BUCKET=${S3_BUCKET}
+
   database_migration:
     container_name: bigcapital-database-migration
     build:
@@ -108,12 +139,12 @@ services:
       - TENANT_DB_NAME_PERFIX=${TENANT_DB_NAME_PERFIX}
     depends_on:
       - mysql
+    networks:
+      - bigcapital_network
 
   mysql:
     container_name: bigcapital-mysql
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
     build:
       context: ./docker/mariadb
     environment:
@@ -125,34 +156,38 @@ services:
       - mysql:/var/lib/mysql
     expose:
       - '3306'
+    networks:
+      - bigcapital_network
 
   mongo:
     container_name: bigcapital-mongo
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
     build: ./docker/mongo
     expose:
       - '27017'
     volumes:
       - mongo:/var/lib/mongodb
+    networks:
+      - bigcapital_network
 
   redis:
     container_name: bigcapital-redis
-    deploy:
-      restart_policy:
-        condition: unless-stopped
+    restart: on-failure
     build:
       context: ./docker/redis
     expose:
       - '6379'
     volumes:
       - redis:/data
+    networks:
+      - bigcapital_network
 
   gotenberg:
     image: gotenberg/gotenberg:7
     expose:
       - '9000'
+    networks:
+      - bigcapital_network
 
 # Volumes
 volumes:
@@ -167,3 +202,8 @@ volumes:
   redis:
     name: bigcapital_prod_redis
     driver: local
+
+# Networks
+networks:
+  bigcapital_network:
+    driver: bridge

docker/envoy/envoy.yaml

@@ -0,0 +1,62 @@
+static_resources:
+  listeners:
+    - name: listener_0
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 80
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                route_config:
+                  name: local_route
+                  virtual_hosts:
+                    - name: backend
+                      domains: ['*']
+                      routes:
+                        - match:
+                            prefix: '/api'
+                          route:
+                            cluster: dynamic_server
+                        - match:
+                            prefix: '/'
+                          route:
+                            cluster: webapp
+                http_filters:
+                  - name: envoy.filters.http.router
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+  clusters:
+    - name: dynamic_server
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      dns_lookup_family: V4_ONLY
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: dynamic_server
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: server
+                      port_value: 3000
+
+    - name: webapp
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      dns_lookup_family: V4_ONLY
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: webapp
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: webapp
+                      port_value: 80

docker/migration/Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/bigcapitalhq/server:latest as build
+FROM bigcapitalhq/server:latest as build
 
 ARG DB_HOST= \
   DB_USER= \
@@ -34,7 +34,5 @@ WORKDIR /app/packages/server
 
 RUN git clone https://github.com/vishnubob/wait-for-it.git
 
-ADD docker/migration/start.sh /
-RUN chmod +x /start.sh
-
-CMD ["/start.sh"]
+# Once we listen the mysql port run the migration task.
+CMD ./wait-for-it/wait-for-it.sh mysql:3306 -- sh -c "node ./build/commands.js system:migrate:latest && node ./build/commands.js tenants:migrate:latest"

docker/migration/start.sh

@@ -1,5 +0,0 @@
-# Migrate the master system database.
-./wait-for-it/wait-for-it.sh mysql:3306 -- node ./build/commands.js system:migrate:latest
-
-# Migrate all tenants.
-./wait-for-it/wait-for-it.sh mysql:3306 -- node ./build/commands.js tenants:migrate:latest

docker/nginx/Dockerfile

@@ -1,21 +0,0 @@
-FROM nginx:1.11
-
-RUN mkdir /etc/nginx/sites-available && rm /etc/nginx/conf.d/default.conf
-ADD nginx.conf /etc/nginx/
-
-COPY scripts /root/scripts/
-COPY certs /etc/ssl/
-
-COPY sites /etc/nginx/templates
-
-ARG SERVER_PROXY_PORT=3000
-ARG WEB_SSL=false
-ARG SELF_SIGNED=false
-
-ENV SERVER_PROXY_PORT=$SERVER_PROXY_PORT
-ENV WEB_SSL=$WEB_SSL
-ENV SELF_SIGNED=$SELF_SIGNED
-
-RUN /bin/bash /root/scripts/build-nginx.sh
-
-CMD nginx

docker/nginx/nginx.conf

@@ -1,33 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-daemon off;
-
-events {
-  worker_connections  2048;
-  use epoll;
-}
-
-http {
-  server_tokens off;
-  sendfile on;
-  tcp_nopush on;
-  tcp_nodelay on;
-  keepalive_timeout 15;
-  types_hash_max_size 2048;
-  client_max_body_size 20M;
-  open_file_cache max=100;
-  gzip on;
-  gzip_disable "msie6";
-
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
-
-  include /etc/nginx/mime.types;
-  default_type application/octet-stream;
-
-  include /etc/nginx/conf.d/*.conf;
-  include /etc/nginx/sites-available/*;
-  access_log /var/log/nginx/access.log;
-  error_log /var/log/nginx/error.log;
-}

docker/nginx/scripts/build-nginx.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-for conf in /etc/nginx/templates/*.conf; do
-  mv $conf "/etc/nginx/sites-available/"$(basename $conf) > /dev/null
-done
-
-for template in /etc/nginx/templates/*.template; do
-  envsubst < $template > "/etc/nginx/sites-available/"$(basename $template)".conf"
-done

docker/nginx/sites/server.template

@@ -1,16 +0,0 @@
-server {
-  listen 80 default_server;
-
-  location /api {
-    proxy_pass http://server:${SERVER_PROXY_PORT};
-  }
-
-  location / {
-    proxy_pass http://webapp;
-  }
-
-  location /.well-known/acme-challenge/ {
-    root /var/www/letsencrypt/;
-    log_not_found off;
-  }
-}

lerna.json

@@ -2,6 +2,7 @@
   "$schema": "node_modules/lerna/schemas/lerna-schema.json",
   "version": "independent",
   "npmClient": "pnpm",
-  "useWorkspaces": true,
-  "packages": ["packages/*"]
-}
+  "packages": [
+    "packages/*"
+  ]
+}

package.json

@@ -19,7 +19,8 @@
     "@faker-js/faker": "^8.0.2",
     "@playwright/test": "^1.32.3",
     "husky": "^8.0.3",
-    "lerna": "^6.4.1"
+    "lerna": "^8.1.2",
+    "pnpm": "^9.0.5"
   },
   "engines": {
     "node": "16.x || 17.x || 18.x"

packages/server/.gitignore

@@ -3,3 +3,6 @@
 stdout.log
 /dist
 /build
+/public/imports
+
+dist

packages/server/Dockerfile

@@ -78,6 +78,9 @@ ENV MAIL_HOST=$MAIL_HOST \
   SIGNUP_ALLOWED_DOMAINS=$SIGNUP_ALLOWED_DOMAINS \
   SIGNUP_ALLOWED_EMAILS=$SIGNUP_ALLOWED_EMAILS
 
+# New Relic config file.
+ENV NEW_RELIC_NO_CONFIG_FILE=true
+
 # Create app directory.
 WORKDIR /app
 
@@ -89,8 +92,8 @@ RUN npm install -g pnpm
 # Copy application dependency manifests to the container image.
 COPY ./package*.json ./
 COPY ./pnpm-lock.yaml ./pnpm-lock.yaml
-COPY ./pnpm-workspace.yaml ./pnpm-workspace.yaml
 COPY ./lerna.json ./lerna.json
+COPY ./pnpm-workspace.yaml ./pnpm-workspace.yaml
 COPY ./packages/server/package*.json ./packages/server/
 
 # Install application dependencies

packages/server/package.json

@@ -20,17 +20,24 @@
     "bigcapital": "./bin/bigcapital.js"
   },
   "dependencies": {
+    "@aws-sdk/client-s3": "^3.576.0",
+    "@aws-sdk/s3-request-presigner": "^3.583.0",
     "@casl/ability": "^5.4.3",
     "@hapi/boom": "^7.4.3",
+    "@lemonsqueezy/lemonsqueezy.js": "^2.2.0",
+    "@supercharge/promise-pool": "^3.2.0",
+    "@types/express": "^4.17.21",
     "@types/i18n": "^0.8.7",
     "@types/knex": "^0.16.1",
     "@types/mathjs": "^6.0.12",
+    "@types/yup": "^0.29.13",
     "accepts": "^1.3.7",
     "accounting": "^0.4.1",
     "agenda": "^4.2.1",
     "agendash": "^3.1.0",
     "app-root-path": "^3.0.0",
     "async": "^3.2.0",
+    "async-mutex": "^0.5.0",
     "axios": "^1.6.0",
     "babel-loader": "^9.1.2",
     "bcryptjs": "^2.4.3",
@@ -53,7 +60,6 @@
     "express": "^4.17.1",
     "express-basic-auth": "^1.2.0",
     "express-boom": "^3.0.0",
-    "express-fileupload": "^1.1.7-alpha.3",
     "express-oauth-server": "^2.0.0",
     "express-validator": "^6.12.2",
     "form-data": "^4.0.0",
@@ -64,22 +70,25 @@
     "is-my-json-valid": "^2.20.5",
     "js-money": "^0.6.3",
     "jsonwebtoken": "^8.5.1",
-    "knex": "^0.95.15",
+    "knex": "^3.1.0",
     "knex-cleaner": "^1.3.0",
-    "knex-db-manager": "^0.6.1",
     "libphonenumber-js": "^1.9.6",
     "lodash": "^4.17.15",
     "lru-cache": "^6.0.0",
     "mathjs": "^9.4.0",
     "memory-cache": "^0.2.0",
+    "mime-types": "^2.1.35",
     "moment": "^2.24.0",
     "moment-range": "^4.0.2",
     "moment-timezone": "^0.5.43",
     "mongodb": "^6.1.0",
     "mongoose": "^5.10.0",
+    "multer": "1.4.5-lts.1",
+    "multer-s3": "^3.0.1",
     "mustache": "^3.0.3",
     "mysql": "^2.17.1",
     "mysql2": "^1.6.5",
+    "newrelic": "^11.15.0",
     "node-cache": "^4.2.1",
     "nodemailer": "^6.3.0",
     "nodemon": "^1.19.1",
@@ -88,27 +97,29 @@
     "objection-filter": "^4.0.1",
     "objection-soft-delete": "^1.0.7",
     "objection-unique": "^1.2.2",
+    "plaid": "^10.3.0",
     "pluralize": "^8.0.0",
     "pug": "^3.0.2",
     "puppeteer": "^10.2.0",
-    "plaid": "^10.3.0",
     "qim": "0.0.52",
     "ramda": "^0.27.1",
     "rate-limiter-flexible": "^2.1.14",
     "reflect-metadata": "^0.1.13",
     "rtl-detect": "^1.0.4",
-    "source-map-loader": "^4.0.1",
     "socket.io": "^4.7.4",
+    "source-map-loader": "^4.0.1",
     "tmp-promise": "^3.0.3",
     "ts-transformer-keys": "^0.4.2",
     "tsyringe": "^4.3.0",
     "typedi": "^0.8.0",
     "uniqid": "^5.2.0",
     "winston": "^3.2.1",
-    "xlsx": "^0.18.5"
+    "xlsx": "^0.18.5",
+    "yup": "^0.28.1"
   },
   "devDependencies": {
     "@types/lodash": "^4.14.158",
+    "@types/multer": "^1.4.11",
     "@types/ramda": "^0.27.64",
     "@typescript-eslint/eslint-plugin": "^5.50.0",
     "@typescript-eslint/parser": "^5.50.0",

packages/server/resources/locales/ar.json

@@ -242,7 +242,7 @@
   "account.field.normal.credit": "دائن",
   "account.field.normal.debit": "مدين",
   "account.field.type": "نوع الحساب",
-  "account.field.active": "Activity",
+  "account.field.active": "Active",
   "account.field.balance": "الرصيد",
   "account.field.created_at": "أنشئت في",
   "item.field.type": "نوع الصنف",

packages/server/resources/locales/en.json

@@ -241,28 +241,32 @@
   "account.field.normal.credit": "Credit",
   "account.field.normal.debit": "Debit",
   "account.field.type": "Type",
-  "account.field.active": "Activity",
+  "account.field.active": "Active",
+  "account.field.currency": "Currency",
   "account.field.balance": "Balance",
+  "account.field.bank_balance": "Bank Balance",
+  "account.field.parent_account": "Parent Account",
   "account.field.created_at": "Created at",
-  "item.field.type": "Item type",
+  "item.field.type": "Item Type",
   "item.field.type.inventory": "Inventory",
   "item.field.type.service": "Service",
-  "item.field.type.non-inventory": "Non inventory",
-  "item.field.name": "Name",
-  "item.field.code": "Code",
+  "item.field.type.non-inventory": "Non Inventory",
+  "item.field.name": "Item Name",
+  "item.field.code": "Item Code",
   "item.field.sellable": "Sellable",
   "item.field.purchasable": "Purchasable",
-  "item.field.cost_price": "Cost price",
-  "item.field.cost_account": "Cost account",
-  "item.field.sell_account": "Sell account",
-  "item.field.sell_description": "Sell description",
-  "item.field.inventory_account": "Inventory account",
-  "item.field.purchase_description": "Purchase description",
-  "item.field.quantity_on_hand": "Quantity on hand",
+  "item.field.cost_price": "Cost Price",
+  "item.field.sell_price": "Sell Price",
+  "item.field.cost_account": "Cost Account",
+  "item.field.sell_account": "Sell Account",
+  "item.field.sell_description": "Sell Description",
+  "item.field.inventory_account": "Inventory Account",
+  "item.field.purchase_description": "Purchase Description",
+  "item.field.quantity_on_hand": "Quantity on Hand",
   "item.field.note": "Note",
   "item.field.category": "Category",
   "item.field.active": "Active",
-  "item.field.created_at": "Created at",
+  "item.field.created_at": "Created At",
   "item_category.field.name": "Name",
   "item_category.field.description": "Description",
   "item_category.field.count": "Count",
@@ -275,8 +279,14 @@
   "invoice.field.invoice_message": "Invoice message",
   "invoice.field.terms_conditions": "Terms & conditions",
   "invoice.field.amount": "Amount",
+  "invoice.field.exchange_rate": "Exchange Rate",
   "invoice.field.payment_amount": "Payment amount",
   "invoice.field.due_amount": "Due amount",
+  "invoice.field.delivered": "Delivered",
+  "invoice.field.item_name": "Item Name",
+  "invoice.field.rate": "Rate",
+  "invoice.field.quantity": "Quantity",
+  "invoice.field.description": "Description",
   "invoice.field.status": "Status",
   "invoice.field.status.paid": "Paid",
   "invoice.field.status.partially-paid": "Partially paid",
@@ -285,6 +295,8 @@
   "invoice.field.status.delivered": "Delivered",
   "invoice.field.status.draft": "Draft",
   "invoice.field.created_at": "Created at",
+  "invoice.field.currency": "Currency",
+  "invoice.field.entries": "Entries",
   "estimate.field.amount": "Amount",
   "estimate.field.estimate_number": "Estimate number",
   "estimate.field.customer": "Customer",
@@ -299,22 +311,31 @@
   "estimate.field.status.approved": "Approved",
   "estimate.field.status.draft": "Draft",
   "estimate.field.created_at": "Created at",
-  "payment_receive.field.customer": "Customer",
-  "payment_receive.field.payment_date": "Payment date",
   "payment_receive.field.amount": "Amount",
-  "payment_receive.field.reference_no": "Reference No.",
-  "payment_receive.field.deposit_account": "Deposit account",
   "payment_receive.field.payment_receive_no": "Payment receive No.",
   "payment_receive.field.statement": "Statement",
   "payment_receive.field.created_at": "Created at",
+  "payment_receive.field.customer": "Customer",
+  "payment_receive.field.exchange_rate": "Exchange Rate",
+  "payment_receive.field.payment_date": "Payment Date",
+  "payment_receive.field.reference_no": "Reference No.",
+  "payment_receive.field.deposit_account": "Deposit Account",
+  "payment_receive.field.entries": "Entries",
+  "payment_receive.field.invoice": "Invoice",
+  "payment_receive.field.entries.payment_amount": "Payment Amount",
   "bill_payment.field.vendor": "Vendor",
   "bill_payment.field.amount": "Amount",
-  "bill_payment.field.due_amount": "Due amount",
-  "bill_payment.field.payment_account": "Payment account",
-  "bill_payment.field.payment_number": "Payment number",
-  "bill_payment.field.payment_date": "Payment date",
+  "bill_payment.field.due_amount": "Due Amount",
+  "bill_payment.field.payment_account": "Payment Account",
+  "bill_payment.field.payment_number": "Payment No.",
+  "bill_payment.field.payment_date": "Payment Date",
   "bill_payment.field.reference_no": "Reference No.",
   "bill_payment.field.description": "Description",
+  "bill_payment.field.exchange_rate": "Exchange Rate",
+  "bill_payment.field.note": "Note",
+  "bill_payment.field.entries.bill": "Bill No.",
+  "bill_payment.field.entries.payment_amount": "Payment Amount",
+  "bill_payment.field.reference": "Reference No.",
   "bill_payment.field.created_at": "Created at",
   "bill.field.vendor": "Vendor",
   "bill.field.bill_number": "Bill number",
@@ -342,22 +363,30 @@
   "inventory_adjustment.field.description": "Description",
   "inventory_adjustment.field.published_at": "Published at",
   "inventory_adjustment.field.created_at": "Created at",
-  "expense.field.payment_date": "Payment date",
-  "expense.field.payment_account": "Payment account",
+  "expense.field.payment_date": "Payment Date",
+  "expense.field.payment_account": "Payment Account",
   "expense.field.amount": "Amount",
+  "expense.field.currency_code": "Currency",
+  "expense.field.exchange_rate": "Exchange Rate", 
   "expense.field.reference_no": "Reference No.",
   "expense.field.description": "Description",
+  "expense.field.line_description": "Line Description",
   "expense.field.published": "Published",
+  "expense.field.categories": "Categories",
+  "expense.field.expense_account": "Expense Account",
+  "expense.field.publish": "Publish",
   "expense.field.status": "Status",
   "expense.field.status.draft": "Draft",
   "expense.field.status.published": "Published",
   "expense.field.created_at": "Created at",
   "manual_journal.field.date": "Date",
-  "manual_journal.field.journal_number": "Journal number",
+  "manual_journal.field.journal_number": "Journal No.",
   "manual_journal.field.reference": "Reference No.",
-  "manual_journal.field.journal_type": "Journal type",
+  "manual_journal.field.journal_type": "Journal Type",
   "manual_journal.field.amount": "Amount",
   "manual_journal.field.description": "Description",
+  "manual_journal.field.currency": "Currency",
+  "manual_journal.field.exchange_rate": "Exchange Rate",
   "manual_journal.field.status": "Status",
   "manual_journal.field.created_at": "Created at",
   "receipt.field.amount": "Amount",
@@ -376,8 +405,8 @@
   "customer.field.last_name": "Last name",
   "customer.field.display_name": "Display name",
   "customer.field.email": "Email",
-  "customer.field.work_phone": "Work phone",
-  "customer.field.personal_phone": "Personal phone",
+  "customer.field.work_phone": "Work Phone Number",
+  "customer.field.personal_phone": "Personal Phone Number",
   "customer.field.company_name": "Company name",
   "customer.field.website": "Website",
   "customer.field.opening_balance_at": "Opening balance at",
@@ -385,7 +414,7 @@
   "customer.field.created_at": "Created at",
   "customer.field.balance": "Balance",
   "customer.field.status": "Status",
-  "customer.field.currency": "Curreny",
+  "customer.field.currency": "Currency",
   "customer.field.status.active": "Active",
   "customer.field.status.inactive": "Inactive",
   "customer.field.status.overdue": "Overdue",
@@ -394,8 +423,8 @@
   "vendor.field.last_name": "Last name",
   "vendor.field.display_name": "Display name",
   "vendor.field.email": "Email",
-  "vendor.field.work_phone": "Work phone",
-  "vendor.field.personal_phone": "Personal phone",
+  "vendor.field.work_phone": "Work Phone Number",
+  "vendor.field.personal_phone": "Personal Phone Number",
   "vendor.field.company_name": "Company name",
   "vendor.field.website": "Website",
   "vendor.field.opening_balance_at": "Opening balance at",
@@ -403,13 +432,16 @@
   "vendor.field.created_at": "Created at",
   "vendor.field.balance": "Balance",
   "vendor.field.status": "Status",
-  "vendor.field.currency": "Curreny",
+  "vendor.field.note": "Note",
+  "vendor.field.currency": "Currency",
   "vendor.field.status.active": "Active",
   "vendor.field.status.inactive": "Inactive",
   "vendor.field.status.overdue": "Overdue",
   "vendor.field.status.unpaid": "Unpaid",
   "Invoice write-off": "Invoice write-off",
 
+  
+
   "transaction_type.credit_note": "Credit note",
   "transaction_type.refund_credit_note": "Refund credit note",
   "transaction_type.vendor_credit": "Vendor credit",

packages/server/resources/scss/modules/export-resource-table.scss

@@ -0,0 +1,38 @@
+@import "../base.scss";
+
+body {
+  font-family: system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue","Noto Sans","Liberation Sans",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";
+  font-size: 12px;
+  line-height: 1.4;
+  margin: 0;
+}
+.sheet__title{
+  margin-bottom: 18px;
+}
+.sheet__title h2{
+  line-height: 1;
+  margin-top: 0;
+  margin-bottom: 10px;
+  font-size: 16px;
+}
+.sheet__table {
+  font-size: inherit;
+  line-height: inherit;
+  width: 100%;
+}
+.sheet__table {
+  table-layout: auto;
+  border-collapse: collapse;  
+  width: 100%;
+}
+.sheet__table thead tr th {
+  border-top: 1px solid #000;
+  border-bottom: 1px solid #000;
+  background: #fff;
+  padding: 8px;
+  line-height: 1.2;
+}
+.sheet__table tbody tr td {
+  padding: 4px 8px;
+  border-bottom: 1px solid #CCC;    
+}

packages/server/resources/views/modules/export-resource-table.pug

@@ -0,0 +1,24 @@
+block head
+  style 
+    include ../../css/modules/export-resource-table.css
+
+style.
+  !{customCSS}
+
+block content 
+  .sheet
+    .sheet__title 
+      h2.sheetTitle= sheetTitle
+      p.sheetDesc= sheetDescription
+
+    table.sheet__table
+      thead
+        tr
+          each column in table.columns
+            th(style=column.style class='column--' + column.key)= column.name
+      tbody
+        each row in table.rows
+          tr(class=row.classNames)
+            each cell in row.cells 
+              td(class='cell--' + cell.key)
+                span!= cell.value

packages/server/scripts/gulpConfig.js

@@ -70,6 +70,10 @@ module.exports = {
         src: `${RESOURCES_PATH}/scss/modules/financial-sheet.scss`,
         dest: `${RESOURCES_PATH}/css/modules`,
       },
+      {
+        src: `${RESOURCES_PATH}/scss/modules/export-resource-table.scss`,
+        dest: `${RESOURCES_PATH}/css/modules`,
+      },
     ],
     // RTL builds.
     rtl: [

packages/server/src/api/controllers/Accounts.ts

@@ -27,7 +27,7 @@ export default class AccountsController extends BaseController {
   /**
    * Router constructor method.
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.get(
@@ -98,29 +98,25 @@ export default class AccountsController extends BaseController {
   /**
    * Create account DTO Schema validation.
    */
-  get createAccountDTOSchema() {
+  private get createAccountDTOSchema() {
     return [
       check('name')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('code')
         .optional({ nullable: true })
         .isLength({ min: 3, max: 6 })
-        .trim()
-        .escape(),
+        .trim(),
       check('currency_code').optional(),
       check('account_type')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ max: DATATYPES_LENGTH.TEXT })
-        .trim()
-        .escape(),
+        .trim(),
       check('parent_account_id')
         .optional({ nullable: true })
         .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })
@@ -131,28 +127,24 @@ export default class AccountsController extends BaseController {
   /**
    * Account DTO Schema validation.
    */
-  get editAccountDTOSchema() {
+  private get editAccountDTOSchema() {
     return [
       check('name')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('code')
         .optional({ nullable: true })
         .isLength({ min: 3, max: 6 })
-        .trim()
-        .escape(),
+        .trim(),
       check('account_type')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ max: DATATYPES_LENGTH.TEXT })
-        .trim()
-        .escape(),
+        .trim(),
       check('parent_account_id')
         .optional({ nullable: true })
         .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })
@@ -160,14 +152,14 @@ export default class AccountsController extends BaseController {
     ];
   }
 
-  get accountParamSchema() {
+  private get accountParamSchema() {
     return [param('id').exists().isNumeric().toInt()];
   }
 
   /**
    * Accounts list validation schema.
    */
-  get accountsListSchema() {
+  private get accountsListSchema() {
     return [
       query('view_slug').optional({ nullable: true }).isString().trim(),
       query('stringified_filter_roles').optional().isJSON(),
@@ -207,7 +199,6 @@ export default class AccountsController extends BaseController {
         tenantId,
         accountDTO
       );
-
       return res.status(200).send({
         id: account.id,
         message: 'The account has been created successfully.',

packages/server/src/api/controllers/Attachments/AttachmentsController.ts

@@ -0,0 +1,266 @@
+import mime from 'mime-types';
+import { Service, Inject } from 'typedi';
+import { Router, Response, NextFunction, Request } from 'express';
+import { body, param } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { AttachmentsApplication } from '@/services/Attachments/AttachmentsApplication';
+import { AttachmentUploadPipeline } from '@/services/Attachments/S3UploadPipeline';
+
+@Service()
+export class AttachmentsController extends BaseController {
+  @Inject()
+  private attachmentsApplication: AttachmentsApplication;
+
+  @Inject()
+  private uploadPipelineService: AttachmentUploadPipeline;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/',
+      this.uploadPipelineService.validateS3Configured,
+      this.uploadPipelineService.uploadPipeline().single('file'),
+      this.validateUploadedFileExistance,
+      this.uploadAttachment.bind(this)
+    );
+    router.delete(
+      '/:id',
+      [param('id').exists()],
+      this.validationResult,
+      this.deleteAttachment.bind(this)
+    );
+    router.get(
+      '/:id',
+      [param('id').exists()],
+      this.validationResult,
+      this.getAttachment.bind(this)
+    );
+    router.post(
+      '/:id/link',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult
+    );
+    router.post(
+      '/:id/link',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult,
+      this.linkDocument.bind(this)
+    );
+    router.post(
+      '/:id/unlink',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult,
+      this.unlinkDocument.bind(this)
+    );
+    router.get(
+      '/:id/presigned-url',
+      [param('id').exists()],
+      this.validationResult,
+      this.getAttachmentPresignedUrl.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Validates the upload file existance.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
+   */
+  private validateUploadedFileExistance(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    if (!req.file) {
+      return res.boom.badRequest(null, {
+        errorType: 'FILE_UPLOAD_FAILED',
+        message: 'Now file uploaded.',
+      });
+    }
+    next();
+  }
+
+  /**
+   * Uploads the attachments to S3 and store the file metadata to DB.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
+   */
+  private async uploadAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const file = req.file;
+
+    try {
+      const data = await this.attachmentsApplication.upload(tenantId, file);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has uploaded successfully.',
+        data,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the given attachment key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async getAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id } = req.params;
+
+    try {
+      const data = await this.attachmentsApplication.get(tenantId, id);
+
+      const byte = await data.Body.transformToByteArray();
+      const extension = mime.extension(data.ContentType);
+      const buffer = Buffer.from(byte);
+
+      res.set(
+        'Content-Disposition',
+        `filename="${req.params.id}.${extension}"`
+      );
+      res.set('Content-Type', data.ContentType);
+      res.send(buffer);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Deletes the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async deleteAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+
+    try {
+      await this.attachmentsApplication.delete(tenantId, documentId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been delete successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Links the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async linkDocument(
+    req: Request,
+    res: Response,
+    next: Function
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+    const { modelRef, modelId } = this.matchedBodyData(req);
+
+    try {
+      await this.attachmentsApplication.link(
+        tenantId,
+        documentId,
+        modelRef,
+        modelId
+      );
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been linked successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Links the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async unlinkDocument(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+    const { modelRef, modelId } = this.matchedBodyData(req);
+
+    try {
+      await this.attachmentsApplication.link(
+        tenantId,
+        documentId,
+        modelRef,
+        modelId
+      );
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been linked successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retreives the presigned url of the given attachment key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async getAttachmentPresignedUrl(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentKey } = req.params;
+
+    try {
+      const presignedUrl = await this.attachmentsApplication.getPresignedUrl(
+        tenantId,
+        documentKey
+      );
+      return res.status(200).send({ presignedUrl });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Authentication.ts

@@ -9,6 +9,8 @@ import { DATATYPES_LENGTH } from '@/data/DataTypes';
 import LoginThrottlerMiddleware from '@/api/middleware/LoginThrottlerMiddleware';
 import AuthenticationApplication from '@/services/Authentication/AuthApplication';
 
+import JWTAuth from '@/api/middleware/jwtAuth';
+import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
 @Service()
 export default class AuthenticationController extends BaseController {
   @Inject()
@@ -28,6 +30,20 @@ export default class AuthenticationController extends BaseController {
       asyncMiddleware(this.login.bind(this)),
       this.handlerErrors
     );
+    router.use('/register/verify/resend', JWTAuth);
+    router.use('/register/verify/resend', AttachCurrentTenantUser);
+    router.post(
+      '/register/verify/resend',
+      asyncMiddleware(this.registerVerifyResendMail.bind(this)),
+      this.handlerErrors
+    );
+    router.post(
+      '/register/verify',
+      this.signupVerifySchema,
+      this.validationResult,
+      asyncMiddleware(this.registerVerify.bind(this)),
+      this.handlerErrors
+    );
     router.post(
       '/register',
       this.registerSchema,
@@ -74,31 +90,38 @@ export default class AuthenticationController extends BaseController {
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('last_name')
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('email')
         .exists()
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('password')
         .exists()
         .isString()
         .isLength({ min: 6 })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
     ];
   }
 
+  private get signupVerifySchema(): ValidationChain[] {
+    return [
+      check('email')
+        .exists()
+        .isString()
+        .isEmail()
+        .isLength({ max: DATATYPES_LENGTH.STRING }),
+      check('token').exists().isString(),
+    ];
+  }
+
   /**
    * Reset password schema.
    * @returns {ValidationChain[]}
@@ -123,7 +146,7 @@ export default class AuthenticationController extends BaseController {
    * @returns {ValidationChain[]}
    */
   private get sendResetPasswordSchema(): ValidationChain[] {
-    return [check('email').exists().isEmail().trim().escape()];
+    return [check('email').exists().isEmail().trim()];
   }
 
   /**
@@ -131,7 +154,11 @@ export default class AuthenticationController extends BaseController {
    * @param {Request} req
    * @param {Response} res
    */
-  private async login(req: Request, res: Response, next: Function): Response {
+  private async login(
+    req: Request,
+    res: Response,
+    next: Function
+  ): Promise<Response | null> {
     const userDTO: ILoginDTO = this.matchedBodyData(req);
 
     try {
@@ -166,6 +193,58 @@ export default class AuthenticationController extends BaseController {
     }
   }
 
+  /**
+   * Verifies the provider user's email after signin-up.
+   * @param {Request} req
+   * @param {Response}| res
+   * @param {Function} next
+   * @returns {Response|void}
+   */
+  private async registerVerify(req: Request, res: Response, next: Function) {
+    const signUpVerifyDTO: { email: string; token: string } =
+      this.matchedBodyData(req);
+
+    try {
+      const user = await this.authApplication.signUpConfirm(
+        signUpVerifyDTO.email,
+        signUpVerifyDTO.token
+      );
+      return res.status(200).send({
+        type: 'success',
+        message: 'The given user has verified successfully',
+        user,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resends the confirmation email to the user.
+   * @param {Request} req
+   * @param {Response}| res
+   * @param {Function} next
+   */
+  private async registerVerifyResendMail(
+    req: Request,
+    res: Response,
+    next: Function
+  ) {
+    const { user } = req;
+
+    try {
+      const data = await this.authApplication.signUpConfirmResend(user.id);
+
+      return res.status(200).send({
+        type: 'success',
+        message: 'The given user has verified successfully',
+        data,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Send reset password handler
    * @param {Request} req

packages/server/src/api/controllers/Banking/BankAccountsController.ts

@@ -0,0 +1,218 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { param, query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { GetBankAccountSummary } from '@/services/Banking/BankAccounts/GetBankAccountSummary';
+import { BankAccountsApplication } from '@/services/Banking/BankAccounts/BankAccountsApplication';
+import { GetPendingBankAccountTransactions } from '@/services/Cashflow/GetPendingBankAccountTransaction';
+
+@Service()
+export class BankAccountsController extends BaseController {
+  @Inject()
+  private getBankAccountSummaryService: GetBankAccountSummary;
+
+  @Inject()
+  private bankAccountsApp: BankAccountsApplication;
+
+  @Inject()
+  private getPendingTransactionsService: GetPendingBankAccountTransactions;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get('/:bankAccountId/meta', this.getBankAccountSummary.bind(this));
+    router.get(
+      '/pending_transactions',
+      [
+        query('account_id').optional().isNumeric().toInt(),
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getBankAccountsPendingTransactions.bind(this)
+    );
+    router.post(
+      '/:bankAccountId/disconnect',
+      this.disconnectBankAccount.bind(this)
+    );
+    router.post('/:bankAccountId/update', this.refreshBankAccount.bind(this));
+    router.post(
+      '/:bankAccountId/pause_feeds',
+      [param('bankAccountId').exists().isNumeric().toInt()],
+      this.validationResult,
+      this.pauseBankAccountFeeds.bind(this)
+    );
+    router.post(
+      '/:bankAccountId/resume_feeds',
+      [param('bankAccountId').exists().isNumeric().toInt()],
+      this.validationResult,
+      this.resumeBankAccountFeeds.bind(this)
+    );
+
+    return router;
+  }
+
+  /**
+   * Retrieves the bank account meta summary.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getBankAccountSummary(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      const data =
+        await this.getBankAccountSummaryService.getBankAccountSummary(
+          tenantId,
+          bankAccountId
+        );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the bank account pending transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  async getBankAccountsPendingTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const data =
+        await this.getPendingTransactionsService.getPendingTransactions(
+          tenantId,
+          query
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Disonnect the given bank account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async disconnectBankAccount(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.disconnectBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        id: bankAccountId,
+        message: 'The bank account has been disconnected.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Refresh the given bank account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async refreshBankAccount(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.refreshBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        id: bankAccountId,
+        message: 'The bank account has been disconnected.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resumes the bank account feeds sync.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | void>}
+   */
+  async resumeBankAccountFeeds(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.resumeBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        message: 'The bank account feeds syncing has been resumed.',
+        id: bankAccountId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Pauses the bank account feeds sync.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | void>}
+   */
+  async pauseBankAccountFeeds(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.pauseBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        message: 'The bank account feeds syncing has been paused.',
+        id: bankAccountId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankTransactionsMatchingController.ts

@@ -0,0 +1,101 @@
+import { Inject, Service } from 'typedi';
+import { body, param } from 'express-validator';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { MatchBankTransactionsApplication } from '@/services/Banking/Matching/MatchBankTransactionsApplication';
+
+@Service()
+export class BankTransactionsMatchingController extends BaseController {
+  @Inject()
+  private bankTransactionsMatchingApp: MatchBankTransactionsApplication;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/unmatch/:transactionId',
+      [param('transactionId').exists()],
+      this.validationResult,
+      this.unmatchMatchedBankTransaction.bind(this)
+    );
+    router.post(
+      '/match',
+      [
+        body('uncategorizedTransactions').exists().isArray({ min: 1 }),
+        body('uncategorizedTransactions.*').isNumeric().toInt(),
+
+        body('matchedTransactions').isArray({ min: 1 }),
+        body('matchedTransactions.*.reference_type').exists(),
+        body('matchedTransactions.*.reference_id').isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.matchBankTransaction.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Matches the given bank transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async matchBankTransaction(
+    req: Request<{ transactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | null> {
+    const { tenantId } = req;
+    const bodyData = this.matchedBodyData(req);
+
+    const uncategorizedTransactions = bodyData?.uncategorizedTransactions;
+    const matchedTransactions = bodyData?.matchedTransactions;
+
+    try {
+      await this.bankTransactionsMatchingApp.matchTransaction(
+        tenantId,
+        uncategorizedTransactions,
+        matchedTransactions
+      );
+      return res.status(200).send({
+        ids: uncategorizedTransactions,
+        message: 'The bank transaction has been matched.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Unmatches the matched bank transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async unmatchMatchedBankTransaction(
+    req: Request<{ transactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.bankTransactionsMatchingApp.unmatchMatchedTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        id: transactionId,
+        message: 'The bank matched transaction has been unmatched.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankingController.ts

@@ -2,17 +2,38 @@ import Container, { Inject, Service } from 'typedi';
 import { Router } from 'express';
 import BaseController from '@/api/controllers/BaseController';
 import { PlaidBankingController } from './PlaidBankingController';
+import { BankingRulesController } from './BankingRulesController';
+import { BankTransactionsMatchingController } from './BankTransactionsMatchingController';
+import { RecognizedTransactionsController } from './RecognizedTransactionsController';
+import { BankAccountsController } from './BankAccountsController';
+import { BankingUncategorizedController } from './BankingUncategorizedController';
 
 @Service()
 export class BankingController extends BaseController {
   /**
    * Router constructor.
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.use('/plaid', Container.get(PlaidBankingController).router());
-
+    router.use('/rules', Container.get(BankingRulesController).router());
+    router.use(
+      '/matches',
+      Container.get(BankTransactionsMatchingController).router()
+    );
+    router.use(
+      '/recognized',
+      Container.get(RecognizedTransactionsController).router()
+    );
+    router.use(
+      '/bank_accounts',
+      Container.get(BankAccountsController).router()
+    );
+    router.use(
+      '/categorize',
+      Container.get(BankingUncategorizedController).router()
+    );
     return router;
   }
 }

packages/server/src/api/controllers/Banking/BankingRulesController.ts

@@ -0,0 +1,214 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { BankRulesApplication } from '@/services/Banking/Rules/BankRulesApplication';
+import { body, param } from 'express-validator';
+import {
+  ICreateBankRuleDTO,
+  IEditBankRuleDTO,
+} from '@/services/Banking/Rules/types';
+
+@Service()
+export class BankingRulesController extends BaseController {
+  @Inject()
+  private bankRulesApplication: BankRulesApplication;
+
+  /**
+   * Bank rule DTO validation schema.
+   */
+  private get bankRuleValidationSchema() {
+    return [
+      body('name').isString().exists(),
+      body('order').isInt({ min: 0 }),
+
+      // Apply to if transaction is.
+      body('apply_if_account_id')
+        .isInt({ min: 0 })
+        .optional({ nullable: true }),
+      body('apply_if_transaction_type').isIn(['deposit', 'withdrawal']),
+
+      // Conditions
+      body('conditions_type').isString().isIn(['and', 'or']).default('and'),
+      body('conditions').isArray({ min: 1 }),
+      body('conditions.*.field').exists().isIn(['description', 'amount']),
+      body('conditions.*.comparator')
+        .exists()
+        .isIn([
+          'equals',
+          'equal',
+          'contains',
+          'not_contain',
+          'bigger',
+          'bigger_or_equal',
+          'smaller',
+          'smaller_or_equal',
+        ])
+        .default('contain')
+        .trim(),
+      body('conditions.*.value').exists().trim(),
+
+      // Assign
+      body('assign_category').isString(),
+      body('assign_account_id').isInt({ min: 0 }),
+      body('assign_payee').isString().optional({ nullable: true }),
+      body('assign_memo').isString().optional({ nullable: true }),
+    ];
+  }
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/',
+      [...this.bankRuleValidationSchema],
+      this.validationResult,
+      this.createBankRule.bind(this)
+    );
+    router.post(
+      '/:id',
+      [param('id').toInt().exists(), ...this.bankRuleValidationSchema],
+      this.validationResult,
+      this.editBankRule.bind(this)
+    );
+    router.delete(
+      '/:id',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.deleteBankRule.bind(this)
+    );
+    router.get(
+      '/:id',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.getBankRule.bind(this)
+    );
+    router.get(
+      '/',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.getBankRules.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Creates a new bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async createBankRule(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const createBankRuleDTO = this.matchedBodyData(req) as ICreateBankRuleDTO;
+
+    try {
+      const bankRule = await this.bankRulesApplication.createBankRule(
+        tenantId,
+        createBankRuleDTO
+      );
+      return res.status(200).send({
+        id: bankRule.id,
+        message: 'The bank rule has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Edits the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async editBankRule(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { id: ruleId } = req.params;
+    const editBankRuleDTO = this.matchedBodyData(req) as IEditBankRuleDTO;
+
+    try {
+      await this.bankRulesApplication.editBankRule(
+        tenantId,
+        ruleId,
+        editBankRuleDTO
+      );
+      return res.status(200).send({
+        id: ruleId,
+        message: 'The bank rule has been updated successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Deletes the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async deleteBankRule(
+    req: Request<{ id: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { id: ruleId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankRulesApplication.deleteBankRule(tenantId, ruleId);
+
+      return res
+        .status(200)
+        .send({ message: 'The bank rule has been deleted.', id: ruleId });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieve the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getBankRule(req: Request, res: Response, next: NextFunction) {
+    const { id: ruleId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      const bankRule = await this.bankRulesApplication.getBankRule(
+        tenantId,
+        ruleId
+      );
+
+      return res.status(200).send({ bankRule });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the bank rules.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getBankRules(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+
+    try {
+      const bankRules = await this.bankRulesApplication.getBankRules(tenantId);
+      return res.status(200).send({ bankRules });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankingUncategorizedController.ts

@@ -0,0 +1,57 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { query } from 'express-validator';
+import BaseController from '../BaseController';
+import { GetAutofillCategorizeTransaction } from '@/services/Banking/RegonizeTranasctions/GetAutofillCategorizeTransaction';
+
+@Service()
+export class BankingUncategorizedController extends BaseController {
+  @Inject()
+  private getAutofillCategorizeTransactionService: GetAutofillCategorizeTransaction;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get(
+      '/autofill',
+      [
+        query('uncategorizedTransactionIds').isArray({ min: 1 }),
+        query('uncategorizedTransactionIds.*').isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getAutofillCategorizeTransaction.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Retrieves the autofill values of the categorize form of the given
+   * uncategorized transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  public async getAutofillCategorizeTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const uncategorizedTransactionIds = req.query.uncategorizedTransactionIds;
+
+    try {
+      const data =
+        await this.getAutofillCategorizeTransactionService.getAutofillCategorizeTransaction(
+          tenantId,
+          uncategorizedTransactionIds
+        );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/ExcludeBankTransactionsController.ts

@@ -0,0 +1,201 @@
+import { Inject, Service } from 'typedi';
+import { body, param, query } from 'express-validator';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '../BaseController';
+import { ExcludeBankTransactionsApplication } from '@/services/Banking/Exclude/ExcludeBankTransactionsApplication';
+import { map, parseInt, trim } from 'lodash';
+
+@Service()
+export class ExcludeBankTransactionsController extends BaseController {
+  @Inject()
+  private excludeBankTransactionApp: ExcludeBankTransactionsApplication;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.put(
+      '/transactions/exclude',
+      [body('ids').exists()],
+      this.validationResult,
+      this.excludeBulkBankTransactions.bind(this)
+    );
+    router.put(
+      '/transactions/unexclude',
+      [body('ids').exists()],
+      this.validationResult,
+      this.unexcludeBulkBankTransactins.bind(this)
+    );
+    router.put(
+      '/transactions/:transactionId/exclude',
+      [param('transactionId').exists().toInt()],
+      this.validationResult,
+      this.excludeBankTransaction.bind(this)
+    );
+    router.put(
+      '/transactions/:transactionId/unexclude',
+      [param('transactionId').exists()],
+      this.validationResult,
+      this.unexcludeBankTransaction.bind(this)
+    );
+    router.get(
+      '/excluded',
+      [
+        query('account_id').optional().isNumeric().toInt(),
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+        query('min_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('max_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('min_amount').optional({ nullable: true }).isFloat().toFloat(),
+        query('max_amount').optional({ nullable: true }).isFloat().toFloat(),
+      ],
+      this.validationResult,
+      this.getExcludedBankTransactions.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Marks a bank transaction as excluded.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns
+   */
+  private async excludeBankTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.excludeBankTransactionApp.excludeBankTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        message: 'The bank transaction has been excluded.',
+        id: transactionId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Marks a bank transaction as not excluded.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async unexcludeBankTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.excludeBankTransactionApp.unexcludeBankTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        message: 'The bank transaction has been unexcluded.',
+        id: transactionId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Exclude bank transactions in bulk.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async excludeBulkBankTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { ids } = this.matchedBodyData(req);
+
+    try {
+      await this.excludeBankTransactionApp.excludeBankTransactions(
+        tenantId,
+        ids
+      );
+      return res.status(200).send({
+        message: 'The given bank transactions have been excluded',
+        ids,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Unexclude the given bank transactions in bulk.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  private async unexcludeBulkBankTransactins(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | null> {
+    const { tenantId } = req;
+    const { ids } = this.matchedBodyData(req);
+
+    try {
+      await this.excludeBankTransactionApp.unexcludeBankTransactions(
+        tenantId,
+        ids
+      );
+      return res.status(200).send({
+        message: 'The given bank transactions have been excluded',
+        ids,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the excluded uncategorized bank transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async getExcludedBankTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const filter = this.matchedQueryData(req);
+
+    try {
+      const data =
+        await this.excludeBankTransactionApp.getExcludedBankTransactions(
+          tenantId,
+          filter
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/RecognizedTransactionsController.ts

@@ -0,0 +1,91 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
+
+@Service()
+export class RecognizedTransactionsController extends BaseController {
+  @Inject()
+  private cashflowApplication: CashflowApplication;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get(
+      '/',
+      [
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+        query('account_id').optional().isNumeric().toInt(),
+        query('min_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('max_date').optional({ nullable: true }).isISO8601().toDate(),
+        query('min_amount').optional({ nullable: true }).isFloat().toFloat(),
+        query('max_amount').optional({ nullable: true }).isFloat().isFloat(),
+      ],
+      this.validationResult,
+      this.getRecognizedTransactions.bind(this)
+    );
+    router.get(
+      '/transactions/:uncategorizedTransactionId',
+      this.getRecognizedTransaction.bind(this)
+    );
+
+    return router;
+  }
+
+  /**
+   * Retrieves the recognized bank transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getRecognizedTransactions(
+    req: Request<{ accountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const filter = this.matchedQueryData(req);
+    const { tenantId } = req;
+
+    try {
+      const data = await this.cashflowApplication.getRecognizedTransactions(
+        tenantId,
+        filter
+      );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the recognized transaction of the ginen uncategorized transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getRecognizedTransaction(
+    req: Request<{ uncategorizedTransactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { uncategorizedTransactionId } = req.params;
+
+    try {
+      const data = await this.cashflowApplication.getRecognizedTransaction(
+        tenantId,
+        uncategorizedTransactionId
+      );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Cashflow/CashflowController.ts

@@ -4,6 +4,7 @@ import CommandCashflowTransaction from './NewCashflowTransaction';
 import DeleteCashflowTransaction from './DeleteCashflowTransaction';
 import GetCashflowTransaction from './GetCashflowTransaction';
 import GetCashflowAccounts from './GetCashflowAccounts';
+import { ExcludeBankTransactionsController } from '../Banking/ExcludeBankTransactionsController';
 
 @Service()
 export default class CashflowController {
@@ -13,9 +14,10 @@ export default class CashflowController {
   router() {
     const router = Router();
 
+    router.use(Container.get(CommandCashflowTransaction).router());
+    router.use(Container.get(ExcludeBankTransactionsController).router());
     router.use(Container.get(GetCashflowTransaction).router());
     router.use(Container.get(GetCashflowAccounts).router());
-    router.use(Container.get(CommandCashflowTransaction).router());
     router.use(Container.get(DeleteCashflowTransaction).router());
 
     return router;

packages/server/src/api/controllers/Cashflow/DeleteCashflowTransaction.ts

@@ -3,14 +3,15 @@ import { Router, Request, Response, NextFunction } from 'express';
 import { param } from 'express-validator';
 import BaseController from '../BaseController';
 import { ServiceError } from '@/exceptions';
-import DeleteCashflowTransactionService from '../../../services/Cashflow/DeleteCashflowTransactionService';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
+
 import { AbilitySubject, CashflowAction } from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
 
 @Service()
-export default class DeleteCashflowTransaction extends BaseController {
+export default class DeleteCashflowTransactionController extends BaseController {
   @Inject()
-  deleteCashflowService: DeleteCashflowTransactionService;
+  private cashflowApplication: CashflowApplication;
 
   /**
    * Controller router.
@@ -44,7 +45,7 @@ export default class DeleteCashflowTransaction extends BaseController {
 
     try {
       const { oldCashflowTransaction } =
-        await this.deleteCashflowService.deleteCashflowTransaction(
+        await this.cashflowApplication.deleteTransaction(
           tenantId,
           transactionId
         );
@@ -92,6 +93,19 @@ export default class DeleteCashflowTransaction extends BaseController {
           ],
         });
       }
+      if (
+        error.errorType ===
+        'CANNOT_DELETE_TRANSACTION_CONVERTED_FROM_UNCATEGORIZED'
+      ) {
+        return res.boom.badRequest(null, {
+          errors: [
+            {
+              type: 'CANNOT_DELETE_TRANSACTION_CONVERTED_FROM_UNCATEGORIZED',
+              code: 4100,
+            },
+          ],
+        });
+      }
     }
     next(error);
   }

packages/server/src/api/controllers/Cashflow/GetCashflowAccounts.ts

@@ -1,20 +1,16 @@
 import { Service, Inject } from 'typedi';
 import { Router, Request, Response, NextFunction } from 'express';
-import { param, query } from 'express-validator';
-import GetCashflowAccountsService from '@/services/Cashflow/GetCashflowAccountsService';
+import { query } from 'express-validator';
 import BaseController from '../BaseController';
-import GetCashflowTransactionsService from '@/services/Cashflow/GetCashflowTransactionsService';
 import { ServiceError } from '@/exceptions';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { AbilitySubject, CashflowAction } from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
 
 @Service()
 export default class GetCashflowAccounts extends BaseController {
   @Inject()
-  getCashflowAccountsService: GetCashflowAccountsService;
-
-  @Inject()
-  getCashflowTransactionsService: GetCashflowTransactionsService;
+  private cashflowApplication: CashflowApplication;
 
   /**
    * Controller router.
@@ -35,7 +31,6 @@ export default class GetCashflowAccounts extends BaseController {
         query('search_keyword').optional({ nullable: true }).isString().trim(),
       ],
       this.asyncMiddleware(this.getCashflowAccounts),
-      this.catchServiceErrors
     );
     return router;
   }
@@ -62,10 +57,7 @@ export default class GetCashflowAccounts extends BaseController {
 
     try {
       const cashflowAccounts =
-        await this.getCashflowAccountsService.getCashflowAccounts(
-          tenantId,
-          filter
-        );
+        await this.cashflowApplication.getCashflowAccounts(tenantId, filter);
 
       return res.status(200).send({
         cashflow_accounts: this.transfromToResponse(cashflowAccounts),
@@ -74,22 +66,4 @@ export default class GetCashflowAccounts extends BaseController {
       next(error);
     }
   };
-
-  /**
-   * Catches the service errors.
-   * @param {Error} error - Error.
-   * @param {Request} req - Request.
-   * @param {Response} res - Response.
-   * @param {NextFunction} next -
-   */
-  private catchServiceErrors(
-    error,
-    req: Request,
-    res: Response,
-    next: NextFunction
-  ) {
-    if (error instanceof ServiceError) {
-    }
-    next(error);
-  }
 }

packages/server/src/api/controllers/Cashflow/GetCashflowTransaction.ts

@@ -1,16 +1,21 @@
 import { Service, Inject } from 'typedi';
 import { Router, Request, Response, NextFunction } from 'express';
-import { param } from 'express-validator';
+import { param, query } from 'express-validator';
 import BaseController from '../BaseController';
-import GetCashflowTransactionsService from '@/services/Cashflow/GetCashflowTransactionsService';
 import { ServiceError } from '@/exceptions';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { AbilitySubject, CashflowAction } from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
+import { GetMatchedTransactionsFilter } from '@/services/Banking/Matching/types';
+import { MatchBankTransactionsApplication } from '@/services/Banking/Matching/MatchBankTransactionsApplication';
 
 @Service()
 export default class GetCashflowAccounts extends BaseController {
   @Inject()
-  getCashflowTransactionsService: GetCashflowTransactionsService;
+  private cashflowApplication: CashflowApplication;
+
+  @Inject()
+  private bankTransactionsMatchingApp: MatchBankTransactionsApplication;
 
   /**
    * Controller router.
@@ -18,6 +23,15 @@ export default class GetCashflowAccounts extends BaseController {
   public router() {
     const router = Router();
 
+    router.get(
+      '/transactions/matches',
+      [
+        query('uncategorizeTransactionsIds').exists().isArray({ min: 1 }),
+        query('uncategorizeTransactionsIds.*').exists().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getMatchedTransactions.bind(this)
+    );
     router.get(
       '/transactions/:transactionId',
       CheckPolicies(CashflowAction.View, AbilitySubject.Cashflow),
@@ -35,7 +49,7 @@ export default class GetCashflowAccounts extends BaseController {
    * @param {NextFunction} next
    */
   private getCashflowTransaction = async (
-    req: Request,
+    req: Request<{ transactionId: number }>,
     res: Response,
     next: NextFunction
   ) => {
@@ -43,12 +57,10 @@ export default class GetCashflowAccounts extends BaseController {
     const { transactionId } = req.params;
 
     try {
-      const cashflowTransaction =
-        await this.getCashflowTransactionsService.getCashflowTransaction(
-          tenantId,
-          transactionId
-        );
-
+      const cashflowTransaction = await this.cashflowApplication.getTransaction(
+        tenantId,
+        transactionId
+      );
       return res.status(200).send({
         cashflow_transaction: this.transfromToResponse(cashflowTransaction),
       });
@@ -57,6 +69,39 @@ export default class GetCashflowAccounts extends BaseController {
     }
   };
 
+  /**
+   * Retrieves the matched transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getMatchedTransactions(
+    req: Request<
+      { transactionId: number },
+      null,
+      null,
+      { uncategorizeTransactionsIds: Array<number> }
+    >,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const uncategorizeTransactionsIds = req.query.uncategorizeTransactionsIds;
+    const filter = this.matchedQueryData(req) as GetMatchedTransactionsFilter;
+
+    try {
+      const data =
+        await this.bankTransactionsMatchingApp.getMatchedTransactions(
+          tenantId,
+          uncategorizeTransactionsIds,
+          filter
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Catches the service errors.
    * @param {Error} error - Error.

packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts

@@ -1,16 +1,21 @@
 import { Service, Inject } from 'typedi';
-import { check } from 'express-validator';
+import { ValidationChain, body, check, param, query } from 'express-validator';
 import { Router, Request, Response, NextFunction } from 'express';
+import { omit } from 'lodash';
 import BaseController from '../BaseController';
 import { ServiceError } from '@/exceptions';
-import NewCashflowTransactionService from '@/services/Cashflow/NewCashflowTransactionService';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
-import { AbilitySubject, CashflowAction } from '@/interfaces';
+import {
+  AbilitySubject,
+  CashflowAction,
+  ICategorizeCashflowTransactioDTO,
+} from '@/interfaces';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
 
 @Service()
 export default class NewCashflowTransactionController extends BaseController {
   @Inject()
-  private newCashflowTranscationService: NewCashflowTransactionService;
+  private cashflowApplication: CashflowApplication;
 
   /**
    * Router constructor.
@@ -18,6 +23,18 @@ export default class NewCashflowTransactionController extends BaseController {
   public router() {
     const router = Router();
 
+    router.get(
+      '/transactions/uncategorized/:id',
+      this.asyncMiddleware(this.getUncategorizedCashflowTransaction),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/transactions/:id/uncategorized',
+      this.getUncategorizedTransactionsValidationSchema,
+      this.validationResult,
+      this.asyncMiddleware(this.getUncategorizedCashflowTransactions),
+      this.catchServiceErrors
+    );
     router.post(
       '/transactions',
       CheckPolicies(CashflowAction.Create, AbilitySubject.Cashflow),
@@ -26,21 +43,94 @@ export default class NewCashflowTransactionController extends BaseController {
       this.asyncMiddleware(this.newCashflowTransaction),
       this.catchServiceErrors
     );
+    router.post(
+      '/transactions/uncategorize/bulk',
+      [
+        body('ids').isArray({ min: 1 }),
+        body('ids.*').exists().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.uncategorizeBulkTransactions.bind(this),
+      this.catchServiceErrors
+    );
+    router.post(
+      '/transactions/:id/uncategorize',
+      this.revertCategorizedCashflowTransaction,
+      this.catchServiceErrors
+    );
+    router.post(
+      '/transactions/categorize',
+      this.categorizeCashflowTransactionValidationSchema,
+      this.validationResult,
+      this.categorizeCashflowTransaction,
+      this.catchServiceErrors
+    );
+    router.post(
+      '/transaction/:id/categorize/expense',
+      this.categorizeAsExpenseValidationSchema,
+      this.validationResult,
+      this.categorizesCashflowTransactionAsExpense,
+      this.catchServiceErrors
+    );
     return router;
   }
 
+  /**
+   * Getting uncategorized transactions validation schema.
+   * @returns {ValidationChain}
+   */
+  public get getUncategorizedTransactionsValidationSchema() {
+    return [
+      param('id').exists().isNumeric().toInt(),
+      query('page').optional().isNumeric().toInt(),
+      query('page_size').optional().isNumeric().toInt(),
+      query('min_date').optional({ nullable: true }).isISO8601().toDate(),
+      query('max_date').optional({ nullable: true }).isISO8601().toDate(),
+      query('min_amount').optional({ nullable: true }).isFloat().toFloat(),
+      query('max_amount').optional({ nullable: true }).isFloat().toFloat(),
+    ];
+  }
+
+  /**
+   * Categorize as expense validation schema.
+   */
+  public get categorizeAsExpenseValidationSchema() {
+    return [
+      check('expense_account_id').exists(),
+      check('date').isISO8601().exists(),
+      check('reference_no').optional(),
+      check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
+    ];
+  }
+
+  /**
+   * Categorize cashflow tranasction validation schema.
+   */
+  public get categorizeCashflowTransactionValidationSchema() {
+    return [
+      check('uncategorized_transaction_ids').exists().isArray({ min: 1 }),
+      check('date').exists().isISO8601().toDate(),
+      check('credit_account_id').exists().isInt().toInt(),
+      check('transaction_number').optional(),
+      check('transaction_type').exists(),
+      check('reference_no').optional(),
+      check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
+      check('description').optional(),
+      check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
+    ];
+  }
+
   /**
    * New cashflow transaction validation schema.
    */
-  get newTransactionValidationSchema() {
+  public get newTransactionValidationSchema() {
     return [
       check('date').exists().isISO8601().toDate(),
-      check('reference_no').optional({ nullable: true }).trim().escape(),
+      check('reference_no').optional({ nullable: true }).trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ min: 3 })
-        .trim()
-        .escape(),
+        .trim(),
       check('transaction_type').exists(),
 
       check('amount').exists().isFloat().toFloat(),
@@ -48,9 +138,7 @@ export default class NewCashflowTransactionController extends BaseController {
       check('credit_account_id').exists().isInt().toInt(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
-
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
-
       check('publish').default(false).isBoolean().toBoolean(),
     ];
   }
@@ -70,13 +158,12 @@ export default class NewCashflowTransactionController extends BaseController {
     const ownerContributionDTO = this.matchedBodyData(req);
 
     try {
-      const { cashflowTransaction } =
-        await this.newCashflowTranscationService.newCashflowTransaction(
+      const cashflowTransaction =
+        await this.cashflowApplication.createTransaction(
           tenantId,
           ownerContributionDTO,
           userId
         );
-
       return res.status(200).send({
         id: cashflowTransaction.id,
         message: 'New cashflow transaction has been created successfully.',
@@ -86,11 +173,180 @@ export default class NewCashflowTransactionController extends BaseController {
     }
   };
 
+  /**
+   * Revert the categorized cashflow transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private revertCategorizedCashflowTransaction = async (
+    req: Request<{ id: number }>,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: cashflowTransactionId } = req.params;
+
+    try {
+      const data = await this.cashflowApplication.uncategorizeTransaction(
+        tenantId,
+        cashflowTransactionId
+      );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Uncategorize the given transactions in bulk.
+   * @param {Request<{}>} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  private uncategorizeBulkTransactions = async (
+    req: Request<{}>,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { ids: uncategorizedTransactionIds } = this.matchedBodyData(req);
+
+    try {
+      await this.cashflowApplication.uncategorizeTransactions(
+        tenantId,
+        uncategorizedTransactionIds
+      );
+      return res.status(200).send({
+        message: 'The given transactions have been uncategorized successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Categorize the cashflow transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private categorizeCashflowTransaction = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const matchedObject = this.matchedBodyData(req);
+    const categorizeDTO = omit(matchedObject, [
+      'uncategorizedTransactionIds',
+    ]) as ICategorizeCashflowTransactioDTO;
+
+    const uncategorizedTransactionIds =
+      matchedObject.uncategorizedTransactionIds;
+
+    try {
+      await this.cashflowApplication.categorizeTransaction(
+        tenantId,
+        uncategorizedTransactionIds,
+        categorizeDTO
+      );
+      return res.status(200).send({
+        message: 'The cashflow transaction has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Categorize the transaction as expense transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private categorizesCashflowTransactionAsExpense = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: cashflowTransactionId } = req.params;
+    const cashflowTransaction = this.matchedBodyData(req);
+
+    try {
+      await this.cashflowApplication.categorizeAsExpense(
+        tenantId,
+        cashflowTransactionId,
+        cashflowTransaction
+      );
+      return res.status(200).send({
+        message: 'The cashflow transaction has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Retrieves the uncategorized cashflow transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  public getUncategorizedCashflowTransaction = async (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: transactionId } = req.params;
+
+    try {
+      const data = await this.cashflowApplication.getUncategorizedTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  };
+
+  /**
+   * Retrieves the uncategorized cashflow transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  public getUncategorizedCashflowTransactions = async (
+    req: Request<{ id: number }>,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { id: accountId } = req.params;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const data = await this.cashflowApplication.getUncategorizedTransactions(
+        tenantId,
+        accountId,
+        query
+      );
+
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  };
+
   /**
    * Handle the service errors.
    * @param error
-   * @param req
-   * @param res
+   * @param {Request} req
+   * @param {res
    * @param next
    * @returns
    */
@@ -140,6 +396,16 @@ export default class NewCashflowTransactionController extends BaseController {
           ],
         });
       }
+      if (error.errorType === 'UNCATEGORIZED_TRANSACTION_TYPE_INVALID') {
+        return res.boom.badRequest(null, {
+          errors: [
+            {
+              type: 'UNCATEGORIZED_TRANSACTION_TYPE_INVALID',
+              code: 4100,
+            },
+          ],
+        });
+      }
     }
     next(error);
   }

packages/server/src/api/controllers/Contacts/Contacts.ts

@@ -56,7 +56,7 @@ export default class ContactsController extends BaseController {
    */
   get autocompleteQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('stringified_filter_roles').optional().isJSON(),
@@ -122,32 +122,27 @@ export default class ContactsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('first_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('last_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('company_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('display_name')
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('email')
@@ -165,120 +160,101 @@ export default class ContactsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('personal_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('billing_address_1')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_2')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_city')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_country')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_email')
         .optional({ nullable: true })
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_postcode')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_state')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('shipping_address_1')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_2')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_city')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_country')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_email')
         .optional({ nullable: true })
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_postcode')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_state')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('note')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('active').optional().isBoolean().toBoolean(),
     ];

packages/server/src/api/controllers/Contacts/Customers.ts

@@ -106,11 +106,7 @@ export default class CustomersController extends ContactsController {
    */
   get customerDTOSchema() {
     return [
-      check('customer_type')
-        .exists()
-        .isIn(['business', 'individual'])
-        .trim()
-        .escape(),
+      check('customer_type').exists().isIn(['business', 'individual']).trim(),
     ];
   }
 
@@ -123,7 +119,6 @@ export default class CustomersController extends ContactsController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: 3 }),
     ];
   }
@@ -133,7 +128,7 @@ export default class CustomersController extends ContactsController {
    */
   get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),
@@ -160,10 +155,8 @@ export default class CustomersController extends ContactsController {
     try {
       const contact = await this.customersApplication.createCustomer(
         tenantId,
-        contactDTO,
-        user
+        contactDTO
       );
-
       return res.status(200).send({
         id: contact.id,
         message: 'The customer has been created successfully.',

packages/server/src/api/controllers/Contacts/Vendors.ts

@@ -106,7 +106,6 @@ export default class VendorsController extends ContactsController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ min: 3, max: 3 }),
     ];
   }
@@ -144,10 +143,8 @@ export default class VendorsController extends ContactsController {
     try {
       const vendor = await this.vendorsApplication.createVendor(
         tenantId,
-        contactDTO,
-        user
+        contactDTO
       );
-
       return res.status(200).send({
         id: vendor.id,
         message: 'The vendor has been created successfully.',

packages/server/src/api/controllers/Currencies.ts

@@ -67,7 +67,7 @@ export default class CurrenciesController extends BaseController {
   }
 
   get currencyParamSchema(): ValidationChain[] {
-    return [param('currency_code').exists().trim().escape()];
+    return [param('currency_code').exists().trim()];
   }
 
   get listSchema(): ValidationChain[] {
@@ -187,11 +187,13 @@ export default class CurrenciesController extends BaseController {
       }
       if (error.errorType === 'currency_code_exists') {
         return res.boom.badRequest(null, {
-          errors: [{
-            type: 'CURRENCY_CODE_EXISTS',
-            message: 'The given currency code is already exists.',
-            code: 200,
-           }],
+          errors: [
+            {
+              type: 'CURRENCY_CODE_EXISTS',
+              message: 'The given currency code is already exists.',
+              code: 200,
+            },
+          ],
         });
       }
       if (error.errorType === 'CANNOT_DELETE_BASE_CURRENCY') {

packages/server/src/api/controllers/Dashboard/index.ts

@@ -5,13 +5,13 @@ import DashboardService from '@/services/Dashboard/DashboardService';
 @Service()
 export default class DashboardMetaController {
   @Inject()
-  dashboardService: DashboardService;
+  private dashboardService: DashboardService;
 
   /**
-   *
+   * Constructor router.
    * @returns
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.get('/boot', this.getDashboardBoot);
@@ -25,7 +25,7 @@ export default class DashboardMetaController {
    * @param {Response} res - 
    * @param {NextFunction} next -
    */
-  getDashboardBoot = async (
+  private getDashboardBoot = async (
     req: Request,
     res: Response,
     next: NextFunction

packages/server/src/api/controllers/Expenses/Expenses.ts

@@ -84,12 +84,11 @@ export class ExpensesController extends BaseController {
   /**
    * Expense DTO schema.
    */
-  get expenseDTOSchema() {
+  private get expenseDTOSchema() {
     return [
       check('reference_no')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('payment_date').exists().isISO8601().toDate(),
       check('payment_account_id')
@@ -123,13 +122,15 @@ export class ExpensesController extends BaseController {
       check('categories.*.description')
         .optional()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
       check('categories.*.project_id')
         .optional({ nullable: true })
         .isInt({ max: DATATYPES_LENGTH.INT_10 })
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -141,7 +142,6 @@ export class ExpensesController extends BaseController {
       check('reference_no')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('payment_date').exists().isISO8601().toDate(),
       check('payment_account_id')
@@ -176,13 +176,15 @@ export class ExpensesController extends BaseController {
       check('categories.*.description')
         .optional()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
       check('categories.*.project_id')
         .optional({ nullable: true })
         .isInt({ max: DATATYPES_LENGTH.INT_10 })
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -269,7 +271,7 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async deleteExpense(req: Request, res: Response, next: NextFunction) {
+  private async deleteExpense(req: Request, res: Response, next: NextFunction) {
     const { tenantId, user } = req;
     const { id: expenseId } = req.params;
 
@@ -291,7 +293,11 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async publishExpense(req: Request, res: Response, next: NextFunction) {
+  private async publishExpense(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
     const { tenantId, user } = req;
     const { id: expenseId } = req.params;
 
@@ -313,7 +319,11 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async getExpensesList(req: Request, res: Response, next: NextFunction) {
+  private async getExpensesList(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
     const { tenantId } = req;
     const filter = {
       sortOrder: 'desc',
@@ -343,7 +353,7 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async getExpense(req: Request, res: Response, next: NextFunction) {
+  private async getExpense(req: Request, res: Response, next: NextFunction) {
     const { tenantId } = req;
     const { id: expenseId } = req.params;
 

packages/server/src/api/controllers/Export/ExportController.ts

@@ -0,0 +1,87 @@
+import { Inject, Service } from 'typedi';
+import { Router, Request, Response, NextFunction } from 'express';
+import { query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { ServiceError } from '@/exceptions';
+import { ExportApplication } from '@/services/Export/ExportApplication';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
+import { convertAcceptFormatToFormat } from './_utils';
+
+@Service()
+export class ExportController extends BaseController {
+  @Inject()
+  private exportResourceApp: ExportApplication;
+
+  /**
+   * Router constructor method.
+   */
+  public router() {
+    const router = Router();
+
+    router.get(
+      '/',
+      [
+        query('resource').exists(),
+        query('format').isIn(['csv', 'xlsx']).optional(),
+      ],
+      this.validationResult,
+      this.export.bind(this),
+    );
+    return router;
+  }
+
+  /**
+   * Imports xlsx/csv to the given resource type.
+   * @param {Request} req -
+   * @param {Response} res -
+   * @param {NextFunction} next -
+   */
+  private async export(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const accept = this.accepts(req);
+
+      const acceptType = accept.types([
+        ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_CSV,
+        ACCEPT_TYPE.APPLICATION_PDF,
+      ]);
+      const applicationFormat = convertAcceptFormatToFormat(acceptType);
+
+      const data = await this.exportResourceApp.export(
+        tenantId,
+        query.resource,
+        applicationFormat
+      );
+      // Retrieves the csv format.
+      if (ACCEPT_TYPE.APPLICATION_CSV === acceptType) {
+        res.setHeader('Content-Disposition', 'attachment; filename=output.csv');
+        res.setHeader('Content-Type', 'text/csv');
+
+        return res.send(data);
+        // Retrieves the xlsx format.
+      } else if (ACCEPT_TYPE.APPLICATION_XLSX === acceptType) {
+        res.setHeader(
+          'Content-Disposition',
+          'attachment; filename=output.xlsx'
+        );
+        res.setHeader(
+          'Content-Type',
+          'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+        );
+        return res.send(data);
+        //
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': data.length,
+        });
+        res.send(data);
+      }
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Export/_utils.ts

@@ -0,0 +1,13 @@
+import { ACCEPT_TYPE } from '@/interfaces/Http';
+import { ExportFormat } from '@/services/Export/common';
+
+export const convertAcceptFormatToFormat = (accept: string): ExportFormat => {
+  switch (accept) {
+    case ACCEPT_TYPE.APPLICATION_CSV:
+      return ExportFormat.Csv;
+    case ACCEPT_TYPE.APPLICATION_PDF:
+      return ExportFormat.Pdf;
+    case ACCEPT_TYPE.APPLICATION_XLSX:
+      return ExportFormat.Xlsx;
+  }
+};

packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts

@@ -1,9 +1,7 @@
 import { query } from 'express-validator';
-import BaseController from "../BaseController";
+import BaseController from '../BaseController';
 
 export default class BaseFinancialReportController extends BaseController {
-
-
   get sheetNumberFormatValidationSchema() {
     return [
       query('number_format.precision')
@@ -19,8 +17,7 @@ export default class BaseFinancialReportController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
     ];
   }
-}
+}

packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts

@@ -51,8 +51,7 @@ export default class InventoryDetailsController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
       query('from_date').optional(),
       query('to_date').optional(),
 

packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts

@@ -36,7 +36,7 @@ export default class JournalSheetController extends BaseFinancialReportControlle
     return [
       query('from_date').optional().isISO8601(),
       query('to_date').optional().isISO8601(),
-      query('transaction_type').optional().trim().escape(),
+      query('transaction_type').optional().trim(),
       query('transaction_id').optional().isInt().toInt(),
       oneOf(
         [

packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts

@@ -40,8 +40,7 @@ export default class TransactionsByReferenceController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
     ];
   }
 

packages/server/src/api/controllers/Import/ImportController.ts

@@ -0,0 +1,246 @@
+import { Inject, Service } from 'typedi';
+import { Router, Request, Response, NextFunction } from 'express';
+import { body, param, query } from 'express-validator';
+import { defaultTo } from 'lodash';
+import BaseController from '@/api/controllers/BaseController';
+import { ServiceError } from '@/exceptions';
+import { ImportResourceApplication } from '@/services/Import/ImportResourceApplication';
+import { uploadImportFile } from './_utils';
+import { parseJsonSafe } from '@/utils/parse-json-safe';
+
+@Service()
+export class ImportController extends BaseController {
+  @Inject()
+  private importResourceApp: ImportResourceApplication;
+
+  /**
+   * Router constructor method.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/file',
+      uploadImportFile.single('file'),
+      this.importValidationSchema,
+      this.validationResult,
+      this.asyncMiddleware(this.fileUpload.bind(this)),
+      this.catchServiceErrors
+    );
+    router.post(
+      '/:import_id/import',
+      this.asyncMiddleware(this.import.bind(this)),
+      this.catchServiceErrors
+    );
+    router.post(
+      '/:import_id/mapping',
+      [
+        param('import_id').exists().isString(),
+        body('mapping').exists().isArray({ min: 1 }),
+        body('mapping.*.group').optional(),
+        body('mapping.*.from').exists(),
+        body('mapping.*.to').exists(),
+      ],
+      this.validationResult,
+      this.asyncMiddleware(this.mapping.bind(this)),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/sample',
+      [query('resource').exists(), query('format').optional()],
+      this.validationResult,
+      this.downloadImportSample.bind(this),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/:import_id',
+      this.asyncMiddleware(this.getImportFileMeta.bind(this)),
+      this.catchServiceErrors
+    );
+    router.get(
+      '/:import_id/preview',
+      this.asyncMiddleware(this.preview.bind(this)),
+      this.catchServiceErrors
+    );
+    return router;
+  }
+
+  /**
+   * Import validation schema.
+   * @returns {ValidationSchema[]}
+   */
+  private get importValidationSchema() {
+    return [body('resource').exists(), body('params').optional()];
+  }
+
+  /**
+   * Imports xlsx/csv to the given resource type.
+   * @param {Request} req -
+   * @param {Response} res -
+   * @param {NextFunction} next -
+   */
+  private async fileUpload(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const body = this.matchedBodyData(req);
+    const params = defaultTo(parseJsonSafe(body.params), {});
+
+    try {
+      const data = await this.importResourceApp.import(
+        tenantId,
+        body.resource,
+        req.file.filename,
+        params
+      );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Maps the columns of the imported file.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async mapping(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+    const body = this.matchedBodyData(req);
+
+    try {
+      const mapping = await this.importResourceApp.mapping(
+        tenantId,
+        importId,
+        body?.mapping
+      );
+      return res.status(200).send(mapping);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Preview the imported file before actual importing.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async preview(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+
+    try {
+      const preview = await this.importResourceApp.preview(tenantId, importId);
+
+      return res.status(200).send(preview);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Importing the imported file to the application storage.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async import(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+
+    try {
+      const result = await this.importResourceApp.process(tenantId, importId);
+
+      return res.status(200).send(result);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the csv/xlsx sample sheet of the given resource name.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async downloadImportSample(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { format, resource } = this.matchedQueryData(req);
+
+    try {
+      const result = this.importResourceApp.sample(tenantId, resource, format);
+
+      return res.status(200).send(result);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the import file meta.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getImportFileMeta(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { import_id: importId } = req.params;
+
+    try {
+      const result = await this.importResourceApp.importMeta(
+        tenantId,
+        importId
+      );
+      return res.status(200).send(result);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Transforms service errors to response.
+   * @param {Error}
+   * @param {Request} req
+   * @param {Response} res
+   * @param {ServiceError} error
+   */
+  private catchServiceErrors(
+    error,
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    if (error instanceof ServiceError) {
+      if (error.errorType === 'INVALID_MAP_ATTRS') {
+        return res.status(400).send({
+          errors: [{ type: 'INVALID_MAP_ATTRS' }],
+        });
+      }
+      if (error.errorType === 'DUPLICATED_FROM_MAP_ATTR') {
+        return res.status(400).send({
+          errors: [{ type: 'DUPLICATED_FROM_MAP_ATTR' }],
+        });
+      }
+      if (error.errorType === 'DUPLICATED_TO_MAP_ATTR') {
+        return res.status(400).send({
+          errors: [{ type: 'DUPLICATED_TO_MAP_ATTR' }],
+        });
+      }
+      if (error.errorType === 'IMPORTED_FILE_EXTENSION_INVALID') {
+        return res.status(400).send({
+          errors: [{ type: 'IMPORTED_FILE_EXTENSION_INVALID' }],
+        });
+      }
+    }
+    next(error);
+  }
+}

packages/server/src/api/controllers/Import/_utils.ts

@@ -0,0 +1,34 @@
+import Multer from 'multer';
+import { ServiceError } from '@/exceptions';
+import { getImportsStoragePath } from '@/services/Import/_utils';
+
+export function allowSheetExtensions(req, file, cb) {
+  if (
+    file.mimetype !== 'text/csv' &&
+    file.mimetype !== 'application/vnd.ms-excel' &&
+    file.mimetype !==
+      'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+  ) {
+    cb(new ServiceError('IMPORTED_FILE_EXTENSION_INVALID'));
+    return;
+  }
+  cb(null, true);
+}
+
+const storage = Multer.diskStorage({
+  destination: function (req, file, cb) {
+    const path = getImportsStoragePath();
+    cb(null, path);
+  },
+  filename: function (req, file, cb) {
+    // Add the creation timestamp to clean up temp files later.
+    const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
+    cb(null, uniqueSuffix);
+  },
+});
+
+export const uploadImportFile = Multer({
+  storage,
+  limits: { fileSize: 5 * 1024 * 1024 },
+  fileFilter: allowSheetExtensions,
+});

packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts

@@ -86,7 +86,7 @@ export default class InventoryAdjustmentsController extends BaseController {
    */
   get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),

packages/server/src/api/controllers/InviteUsers.ts

@@ -25,7 +25,7 @@ export default class InviteUsersController extends BaseController {
     router.post(
       '/send',
       [
-        body('email').exists().trim().escape(),
+        body('email').exists().trim(),
         body('role_id').exists().isNumeric().toInt(),
       ],
       this.validationResult,
@@ -57,7 +57,7 @@ export default class InviteUsersController extends BaseController {
     );
     router.get(
       '/invited/:token',
-      [param('token').exists().trim().escape()],
+      [param('token').exists().trim()],
       this.validationResult,
       asyncMiddleware(this.invited.bind(this)),
       this.handleServicesError
@@ -72,10 +72,10 @@ export default class InviteUsersController extends BaseController {
    */
   private get inviteUserDTO() {
     return [
-      check('first_name').exists().trim().escape(),
-      check('last_name').exists().trim().escape(),
-      check('password').exists().trim().escape().isLength({ min: 5 }),
-      param('token').exists().trim().escape(),
+      check('first_name').exists().trim(),
+      check('last_name').exists().trim(),
+      check('password').exists().trim().isLength({ min: 5 }),
+      param('token').exists().trim(),
     ];
   }
 

packages/server/src/api/controllers/ItemCategories.ts

@@ -73,13 +73,11 @@ export default class ItemsCategoriesController extends BaseController {
       check('name')
         .exists()
         .trim()
-        .escape()
         .isLength({ min: 0, max: DATATYPES_LENGTH.STRING }),
       check('description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('sell_account_id')
         .optional({ nullable: true })
@@ -101,9 +99,8 @@ export default class ItemsCategoriesController extends BaseController {
    */
   get categoriesListValidationSchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
-      query('sort_order').optional().trim().escape().isIn(['desc', 'asc']),
-
+      query('column_sort_by').optional().trim(),
+      query('sort_order').optional().trim().isIn(['desc', 'asc']),
       query('stringified_filter_roles').optional().isJSON(),
     ];
   }
@@ -207,14 +204,12 @@ export default class ItemsCategoriesController extends BaseController {
     };
 
     try {
-      const {
-        itemCategories,
-        filterMeta,
-      } = await this.itemCategoriesService.getItemCategoriesList(
-        tenantId,
-        itemCategoriesFilter,
-        user
-      );
+      const { itemCategories, filterMeta } =
+        await this.itemCategoriesService.getItemCategoriesList(
+          tenantId,
+          itemCategoriesFilter,
+          user
+        );
       return res.status(200).send({
         item_categories: itemCategories,
         filter_meta: this.transfromToResponse(filterMeta),

packages/server/src/api/controllers/Items/Items.ts

@@ -96,13 +96,11 @@ export default class ItemsController extends BaseController {
         .exists()
         .isString()
         .trim()
-        .escape()
         .isIn(['service', 'non-inventory', 'inventory']),
       check('code')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       // Purchase attributes.
       check('purchasable').optional().isBoolean().toBoolean(),
@@ -141,13 +139,11 @@ export default class ItemsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('purchase_description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('sell_tax_rate_id').optional({ nullable: true }).isInt().toInt(),
       check('purchase_tax_rate_id')
@@ -162,7 +158,6 @@ export default class ItemsController extends BaseController {
         .optional()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('active').optional().isBoolean().toBoolean(),
 
@@ -184,7 +179,7 @@ export default class ItemsController extends BaseController {
    */
   private get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),

packages/server/src/api/controllers/Items/index.ts

@@ -6,7 +6,7 @@ import ItemTransactionsController from './ItemsTransactions';
 
 @Service()
 export default class ItemsBaseController {
-  router() {
+  public router() {
     const router = Router();
 
     router.use('/', Container.get(ItemsController).router());

packages/server/src/api/controllers/ManualJournals.ts

@@ -77,14 +77,14 @@ export default class ManualJournalsController extends BaseController {
   /**
    * Specific manual journal id param validation schema.
    */
-  get manualJournalParamSchema() {
+  private get manualJournalParamSchema() {
     return [param('id').exists().isNumeric().toInt()];
   }
 
   /**
    * Manual journal DTO schema.
    */
-  get manualJournalValidationSchema() {
+  private get manualJournalValidationSchema() {
     return [
       check('date').exists().isISO8601(),
       check('currency_code').optional(),
@@ -94,25 +94,21 @@ export default class ManualJournalsController extends BaseController {
         .optional()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('journal_type')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('reference')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('publish').optional().isBoolean().toBoolean(),
@@ -148,19 +144,22 @@ export default class ManualJournalsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
   /**
    * Manual journals list validation schema.
    */
-  get manualJournalsListSchema() {
+  private get manualJournalsListSchema() {
     return [
       query('page').optional().isNumeric().toInt(),
       query('page_size').optional().isNumeric().toInt(),
       query('custom_view_id').optional().isNumeric().toInt(),
 
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('stringified_filter_roles').optional().isJSON(),
@@ -320,7 +319,7 @@ export default class ManualJournalsController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  getManualJournalsList = async (
+  private getManualJournalsList = async (
     req: Request,
     res: Response,
     next: NextFunction

packages/server/src/api/controllers/Media.ts

@@ -61,15 +61,14 @@ export default class MediaController extends BaseController {
 
   get uploadValidationSchema() {
     return [
-      // check('attachment'),
-      check('model_name').optional().trim().escape(),
-      check('model_id').optional().isNumeric().toInt(),
+      check('model_name').optional().trim(),
+      check('model_id').optional().isNumeric(),
     ];
   }
 
   get linkValidationSchema() {
     return [
-      check('model_name').exists().trim().escape(),
+      check('model_name').exists().trim(),
       check('model_id').exists().isNumeric().toInt(),
     ]
   }

packages/server/src/api/controllers/OneClickDemo/OneClickDemoController.ts

@@ -0,0 +1,87 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import { Service, Inject } from 'typedi';
+import { body } from 'express-validator';
+import asyncMiddleware from '@/api/middleware/asyncMiddleware';
+import BaseController from '@/api/controllers/BaseController';
+import { OneClickDemoApplication } from '@/services/OneClickDemo/OneClickDemoApplication';
+import config from '@/config';
+@Service()
+export class OneClickDemoController extends BaseController {
+  @Inject()
+  private oneClickDemoApp: OneClickDemoApplication;
+
+  /**
+   * Router constructor method.
+   */
+  router() {
+    const router = Router();
+
+    // Protects the endpoints if the feature is not enabled.
+    const protectMiddleware = (
+      req: Request,
+      res: Response,
+      next: NextFunction
+    ) => {
+      // Add your protection logic here
+      if (config.oneClickDemoAccounts) {
+        next();
+      } else {
+        res.status(403).send({ message: 'Forbidden' });
+      }
+    };
+    router.post(
+      '/one_click',
+      protectMiddleware,
+      asyncMiddleware(this.oneClickDemo.bind(this))
+    );
+    router.post(
+      '/one_click_signin',
+      [body('demo_id').exists()],
+      this.validationResult,
+      protectMiddleware,
+      asyncMiddleware(this.oneClickSignIn.bind(this))
+    );
+    return router;
+  }
+
+  /**
+   * One-click demo application.
+   * @param {Request} req -
+   * @param {Response} res -
+   * @param {NextFunction} next -
+   */
+  private async oneClickDemo(req: Request, res: Response, next: NextFunction) {
+    try {
+      const data = await this.oneClickDemoApp.createOneClick();
+
+      return res.status(200).send({
+        data,
+        message: 'The one-click demo has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Sign-in to one-click demo account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async oneClickSignIn(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { demoId } = this.matchedBodyData(req);
+
+    try {
+      const data = await this.oneClickDemoApp.autoSignIn(demoId);
+
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Organization.ts

@@ -6,6 +6,7 @@ import { check, ValidationChain } from 'express-validator';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
 import JWTAuth from '@/api/middleware/jwtAuth';
 import TenancyMiddleware from '@/api/middleware/TenancyMiddleware';
+import SubscriptionMiddleware from '@/api/middleware/SubscriptionMiddleware';
 import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
 import OrganizationService from '@/services/Organization/OrganizationService';
 import { MONTHS, ACCEPTED_LOCALES } from '@/services/Organization/constants';
@@ -17,7 +18,7 @@ import BaseController from '@/api/controllers/BaseController';
 @Service()
 export default class OrganizationController extends BaseController {
   @Inject()
-  private organizationService: OrganizationService;
+  organizationService: OrganizationService;
 
   /**
    * Router constructor.
@@ -25,10 +26,13 @@ export default class OrganizationController extends BaseController {
   router() {
     const router = Router();
 
+    // Should before build tenant database the user be authorized and
+    // most important than that, should be subscribed to any plan.
     router.use(JWTAuth);
     router.use(AttachCurrentTenantUser);
     router.use(TenancyMiddleware);
 
+    router.use('/build', SubscriptionMiddleware('main'));
     router.post(
       '/build',
       this.buildOrganizationValidationSchema,
@@ -58,7 +62,7 @@ export default class OrganizationController extends BaseController {
   private get commonOrganizationValidationSchema(): ValidationChain[] {
     return [
       check('name').exists().trim(),
-      check('industry').optional({ nullable: true }).isString().trim().escape(),
+      check('industry').optional({ nullable: true }).isString().trim(),
       check('location').exists().isString().isISO31661Alpha2(),
       check('base_currency').exists().isISO4217(),
       check('timezone').exists().isIn(moment.tz.names()),
@@ -83,11 +87,7 @@ export default class OrganizationController extends BaseController {
   private get updateOrganizationValidationSchema(): ValidationChain[] {
     return [
       ...this.commonOrganizationValidationSchema,
-      check('tax_number')
-        .optional({ nullable: true })
-        .isString()
-        .trim()
-        .escape(),
+      check('tax_number').optional({ nullable: true }).isString().trim(),
     ];
   }
 

packages/server/src/api/controllers/OrganizationDashboard.ts

@@ -33,17 +33,17 @@ export default class OrganizationDashboardController extends BaseController {
   }
 
   /**
-   *
-   * @param req
-   * @param res
-   * @param next
-   * @returns
+   * Detarmines whether the current authed organization to able to change its currency/.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
    */
   private async baseCurrencyMutateAbility(
     req: Request,
     res: Response,
     next: Function
-  ) {
+  ): Promise<Response|void> {
     const { tenantId } = req;
 
     try {

packages/server/src/api/controllers/Projects/Projects.ts

@@ -29,8 +29,7 @@ export class ProjectsController extends BaseController {
         check('cost_estimate').exists().isDecimal(),
       ],
       this.validationResult,
-      asyncMiddleware(this.createProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.createProject.bind(this))
     );
     router.post(
       '/:id',
@@ -43,8 +42,7 @@ export class ProjectsController extends BaseController {
         check('cost_estimate').exists().isDecimal(),
       ],
       this.validationResult,
-      asyncMiddleware(this.editProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.editProject.bind(this))
     );
     router.patch(
       '/:projectId/status',
@@ -56,16 +54,14 @@ export class ProjectsController extends BaseController {
           .isIn([IProjectStatus.InProgress, IProjectStatus.Closed]),
       ],
       this.validationResult,
-      asyncMiddleware(this.editProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.editProject.bind(this))
     );
     router.get(
       '/:id',
       CheckPolicies(ProjectAction.VIEW, AbilitySubject.Project),
       [param('id').exists().isInt().toInt()],
       this.validationResult,
-      asyncMiddleware(this.getProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.getProject.bind(this))
     );
     router.get(
       '/:projectId/billable/entries',
@@ -76,24 +72,21 @@ export class ProjectsController extends BaseController {
         query('to_date').optional().isISO8601(),
       ],
       this.validationResult,
-      asyncMiddleware(this.projectBillableEntries.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.projectBillableEntries.bind(this))
     );
     router.get(
       '/',
       CheckPolicies(ProjectAction.VIEW, AbilitySubject.Project),
       [],
       this.validationResult,
-      asyncMiddleware(this.getProjects.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.getProjects.bind(this))
     );
     router.delete(
       '/:id',
       CheckPolicies(ProjectAction.DELETE, AbilitySubject.Project),
       [param('id').exists().isInt().toInt()],
       this.validationResult,
-      asyncMiddleware(this.deleteProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.deleteProject.bind(this))
     );
     return router;
   }
@@ -252,22 +245,4 @@ export class ProjectsController extends BaseController {
       next(error);
     }
   };
-
-  /**
-   * Transforms service errors to response.
-   * @param {Error}
-   * @param {Request} req
-   * @param {Response} res
-   * @param {ServiceError} error
-   */
-  private catchServiceErrors(
-    error,
-    req: Request,
-    res: Response,
-    next: NextFunction
-  ) {
-    if (error instanceof ServiceError) {
-    }
-    next(error);
-  }
 }

packages/server/src/api/controllers/Purchases/Bills.ts

@@ -100,8 +100,8 @@ export default class BillsController extends BaseController {
    */
   private get billValidationSchema() {
     return [
-      check('bill_number').exists().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('bill_number').exists().trim(),
+      check('reference_no').optional().trim(),
       check('bill_date').exists().isISO8601(),
       check('due_date').optional().isISO8601(),
 
@@ -112,13 +112,12 @@ export default class BillsController extends BaseController {
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('project_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('is_inclusive_tax').default(false).isBoolean().toBoolean(),
 
       check('entries').isArray({ min: 1 }),
-
       check('entries.*.index').exists().isNumeric().toInt(),
       check('entries.*.item_id').exists().isNumeric().toInt(),
       check('entries.*.rate').exists().isNumeric().toFloat(),
@@ -127,10 +126,7 @@ export default class BillsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.landed_cost')
         .optional({ nullable: true })
         .isBoolean()
@@ -142,12 +138,14 @@ export default class BillsController extends BaseController {
       check('entries.*.tax_code')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isString(),
       check('entries.*.tax_rate_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -156,8 +154,8 @@ export default class BillsController extends BaseController {
    */
   private get billEditValidationSchema() {
     return [
-      check('bill_number').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('bill_number').optional().trim(),
+      check('reference_no').optional().trim(),
       check('bill_date').exists().isISO8601(),
       check('due_date').optional().isISO8601(),
 
@@ -168,7 +166,7 @@ export default class BillsController extends BaseController {
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('project_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('entries').isArray({ min: 1 }),
@@ -182,14 +180,14 @@ export default class BillsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.landed_cost')
         .optional({ nullable: true })
         .isBoolean()
         .toBoolean(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -217,8 +215,8 @@ export default class BillsController extends BaseController {
 
   private get dueBillsListingValidationSchema() {
     return [
-      query('vendor_id').optional().trim().escape(),
-      query('payment_made_id').optional().trim().escape(),
+      query('vendor_id').optional().trim(),
+      query('payment_made_id').optional().trim(),
     ];
   }
 

packages/server/src/api/controllers/Purchases/BillsPayments.ts

@@ -111,17 +111,21 @@ export default class BillsPayments extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
+      check('amount').exists().isNumeric().toFloat(),
       check('payment_account_id').exists().isNumeric().toInt(),
-      check('payment_number').optional({ nullable: true }).trim().escape(),
+      check('payment_number').optional({ nullable: true }).trim(),
       check('payment_date').exists(),
-      check('statement').optional().trim().escape(),
-      check('reference').optional().trim().escape(),
+      check('statement').optional().trim(),
+      check('reference').optional().trim(),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('entries').exists().isArray({ min: 1 }),
+      check('entries').exists().isArray(),
       check('entries.*.index').optional().isNumeric().toInt(),
       check('entries.*.bill_id').exists().isNumeric().toInt(),
       check('entries.*.payment_amount').exists().isNumeric().toFloat(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Purchases/VendorCredit.ts

@@ -156,13 +156,10 @@ export default class VendorCreditController extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
-      check('vendor_credit_number')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
-      check('reference_no').optional().trim().escape(),
+      check('vendor_credit_number').optional({ nullable: true }).trim(),
+      check('reference_no').optional().trim(),
       check('vendor_credit_date').exists().isISO8601().toDate(),
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -178,14 +175,14 @@ export default class VendorCreditController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -199,13 +196,10 @@ export default class VendorCreditController extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
-      check('vendor_credit_number')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
-      check('reference_no').optional().trim().escape(),
+      check('vendor_credit_number').optional({ nullable: true }).trim(),
+      check('reference_no').optional().trim(),
       check('vendor_credit_date').exists().isISO8601().toDate(),
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -220,14 +214,14 @@ export default class VendorCreditController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -297,8 +291,7 @@ export default class VendorCreditController extends BaseController {
     try {
       const vendorCredit = await this.createVendorCreditService.newVendorCredit(
         tenantId,
-        vendorCreditCreateDTO,
-        user
+        vendorCreditCreateDTO
       );
 
       return res.status(200).send({

packages/server/src/api/controllers/Resources.ts

@@ -18,9 +18,7 @@ export default class ResourceController extends BaseController {
 
     router.get(
       '/:resource_model/meta',
-      [
-        param('resource_model').exists().trim().escape()
-      ],
+      [param('resource_model').exists().trim()],
       this.asyncMiddleware(this.resourceMeta.bind(this)),
       this.handleServiceErrors
     );
@@ -48,9 +46,7 @@ export default class ResourceController extends BaseController {
         resourceModel
       );
       return res.status(200).send({
-        resource_meta: this.transfromToResponse(
-          resourceMeta,
-        ),
+        resource_meta: this.transfromToResponse(resourceMeta),
       });
     } catch (error) {
       next(error);

packages/server/src/api/controllers/Sales/CreditNotes.ts

@@ -210,9 +210,9 @@ export default class PaymentReceivesController extends BaseController {
 
       check('credit_note_date').exists().isISO8601().toDate(),
       check('reference_no').optional(),
-      check('credit_note_number').optional({ nullable: true }).trim().escape(),
-      check('note').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
+      check('credit_note_number').optional({ nullable: true }).trim(),
+      check('note').optional().trim(),
+      check('terms_conditions').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -228,14 +228,14 @@ export default class PaymentReceivesController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -338,8 +338,7 @@ export default class PaymentReceivesController extends BaseController {
     try {
       const creditNote = await this.createCreditNoteService.newCreditNote(
         tenantId,
-        creditNoteDTO,
-        user
+        creditNoteDTO
       );
       return res.status(200).send({
         id: creditNote.id,

packages/server/src/api/controllers/Sales/PaymentReceives.ts

@@ -9,9 +9,9 @@ import {
 } from '@/interfaces';
 import BaseController from '@/api/controllers/BaseController';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
-import PaymentReceivesPages from '@/services/Sales/PaymentReceives/PaymentReceivesPages';
+import PaymentsReceivedPages from '@/services/Sales/PaymentReceived/PaymentsReceivedPages';
+import { PaymentReceivesApplication } from '@/services/Sales/PaymentReceived/PaymentReceivedApplication';
 import DynamicListingService from '@/services/DynamicListing/DynamicListService';
-import { PaymentReceivesApplication } from '@/services/Sales/PaymentReceives/PaymentReceivesApplication';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { ServiceError } from '@/exceptions';
 import { ACCEPT_TYPE } from '@/interfaces/Http';
@@ -22,7 +22,7 @@ export default class PaymentReceivesController extends BaseController {
   private paymentReceiveApplication: PaymentReceivesApplication;
 
   @Inject()
-  private PaymentReceivesPages: PaymentReceivesPages;
+  private PaymentsReceivedPages: PaymentsReceivedPages;
 
   @Inject()
   private dynamicListService: DynamicListingService;
@@ -150,20 +150,23 @@ export default class PaymentReceivesController extends BaseController {
       check('customer_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
+      check('amount').exists().isNumeric().toFloat(),
       check('payment_date').exists(),
       check('reference_no').optional(),
       check('deposit_account_id').exists().isNumeric().toInt(),
-      check('payment_receive_no').optional({ nullable: true }).trim().escape(),
-      check('statement').optional().trim().escape(),
+      check('payment_receive_no').optional({ nullable: true }).trim(),
+      check('statement').optional().trim(),
 
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('entries').isArray({ min: 1 }),
-
+      check('entries').isArray({}),
       check('entries.*.id').optional({ nullable: true }).isNumeric().toInt(),
       check('entries.*.index').optional().isNumeric().toInt(),
       check('entries.*.invoice_id').exists().isNumeric().toInt(),
       check('entries.*.payment_amount').exists().isNumeric().toFloat(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -173,7 +176,6 @@ export default class PaymentReceivesController extends BaseController {
   private get validatePaymentReceiveList(): ValidationChain[] {
     return [
       query('stringified_filter_roles').optional().isJSON(),
-
       query('view_slug').optional({ nullable: true }).isString().trim(),
 
       query('column_sort_by').optional(),
@@ -227,7 +229,7 @@ export default class PaymentReceivesController extends BaseController {
 
     try {
       const storedPaymentReceive =
-        await this.paymentReceiveApplication.createPaymentReceive(
+        await this.paymentReceiveApplication.createPaymentReceived(
           tenantId,
           paymentReceive,
           user
@@ -374,7 +376,7 @@ export default class PaymentReceivesController extends BaseController {
     const { customerId } = this.matchedQueryData(req);
 
     try {
-      const entries = await this.PaymentReceivesPages.getNewPageEntries(
+      const entries = await this.PaymentsReceivedPages.getNewPageEntries(
         tenantId,
         customerId
       );
@@ -402,7 +404,7 @@ export default class PaymentReceivesController extends BaseController {
 
     try {
       const { paymentReceive, entries } =
-        await this.PaymentReceivesPages.getPaymentReceiveEditPage(
+        await this.PaymentsReceivedPages.getPaymentReceiveEditPage(
           tenantId,
           paymentReceiveId,
           user

packages/server/src/api/controllers/Sales/SalesEstimates.ts

@@ -155,7 +155,7 @@ export default class SalesEstimatesController extends BaseController {
       check('estimate_date').exists().isISO8601().toDate(),
       check('expiration_date').exists().isISO8601().toDate(),
       check('reference').optional(),
-      check('estimate_number').optional().trim().escape(),
+      check('estimate_number').optional().trim(),
       check('delivered').default(false).isBoolean().toBoolean(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
@@ -170,8 +170,7 @@ export default class SalesEstimatesController extends BaseController {
       check('entries.*.rate').exists().isNumeric().toFloat(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.discount')
         .optional({ nullable: true })
         .isNumeric()
@@ -181,9 +180,12 @@ export default class SalesEstimatesController extends BaseController {
         .isNumeric()
         .toInt(),
 
-      check('note').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
-      check('send_to_email').optional().trim().escape(),
+      check('note').optional().trim(),
+      check('terms_conditions').optional().trim(),
+      check('send_to_email').optional().trim(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Sales/SalesInvoices.ts

@@ -36,6 +36,8 @@ export default class SaleInvoicesController extends BaseController {
       [
         ...this.saleInvoiceValidationSchema,
         check('from_estimate_id').optional().isNumeric().toInt(),
+        check('attachments').isArray().optional(),
+        check('attachments.*.key').exists().isString(),
       ],
       this.validationResult,
       asyncMiddleware(this.newSaleInvoice.bind(this)),
@@ -98,6 +100,8 @@ export default class SaleInvoicesController extends BaseController {
       [
         ...this.saleInvoiceValidationSchema,
         ...this.specificSaleInvoiceValidation,
+        check('attachments').isArray().optional(),
+        check('attachments.*.key').exists().isString(),
       ],
       this.validationResult,
       asyncMiddleware(this.editSaleInvoice.bind(this)),
@@ -196,12 +200,12 @@ export default class SaleInvoicesController extends BaseController {
       check('customer_id').exists().isNumeric().toInt(),
       check('invoice_date').exists().isISO8601().toDate(),
       check('due_date').exists().isISO8601().toDate(),
-      check('invoice_no').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('invoice_no').optional().trim(),
+      check('reference_no').optional().trim(),
       check('delivered').default(false).isBoolean().toBoolean(),
 
-      check('invoice_message').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
+      check('invoice_message').optional().trim(),
+      check('terms_conditions').optional().trim(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
@@ -222,12 +226,10 @@ export default class SaleInvoicesController extends BaseController {
         .toFloat(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.tax_code')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isString(),
       check('entries.*.tax_rate_id')
         .optional({ nullable: true })

packages/server/src/api/controllers/Sales/SalesReceipts.ts

@@ -130,8 +130,8 @@ export default class SalesReceiptsController extends BaseController {
 
       check('deposit_account_id').exists().isNumeric().toInt(),
       check('receipt_date').exists().isISO8601(),
-      check('receipt_number').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('receipt_number').optional().trim(),
+      check('reference_no').optional().trim(),
       check('closed').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -150,14 +150,15 @@ export default class SalesReceiptsController extends BaseController {
         .toInt(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
-      check('receipt_message').optional().trim().escape(),
-      check('statement').optional().trim().escape(),
+      check('receipt_message').optional().trim(),
+      check('statement').optional().trim(),
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Settings/Settings.ts

@@ -52,10 +52,7 @@ export default class SettingsController extends BaseController {
    * Retrieve the application options from the storage.
    */
   private get getSettingsSchema() {
-    return [
-      query('key').optional().trim().escape(),
-      query('group').optional().trim().escape(),
-    ];
+    return [query('key').optional().trim(), query('group').optional().trim()];
   }
 
   /**

packages/server/src/api/controllers/Subscription/SubscriptionController.ts

@@ -0,0 +1,180 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import { Service, Inject } from 'typedi';
+import { body } from 'express-validator';
+import JWTAuth from '@/api/middleware/jwtAuth';
+import TenancyMiddleware from '@/api/middleware/TenancyMiddleware';
+import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
+import SubscriptionService from '@/services/Subscription/SubscriptionService';
+import asyncMiddleware from '@/api/middleware/asyncMiddleware';
+import BaseController from '../BaseController';
+import { LemonSqueezyService } from '@/services/Subscription/LemonSqueezyService';
+import { SubscriptionApplication } from '@/services/Subscription/SubscriptionApplication';
+
+@Service()
+export class SubscriptionController extends BaseController {
+  @Inject()
+  private subscriptionService: SubscriptionService;
+
+  @Inject()
+  private lemonSqueezyService: LemonSqueezyService;
+
+  @Inject()
+  private subscriptionApp: SubscriptionApplication;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.use(JWTAuth);
+    router.use(AttachCurrentTenantUser);
+    router.use(TenancyMiddleware);
+
+    router.post(
+      '/lemon/checkout_url',
+      [body('variantId').exists().trim()],
+      this.validationResult,
+      this.getCheckoutUrl.bind(this)
+    );
+    router.post('/cancel', asyncMiddleware(this.cancelSubscription.bind(this)));
+    router.post('/resume', asyncMiddleware(this.resumeSubscription.bind(this)));
+    router.post(
+      '/change',
+      [body('variant_id').exists().trim()],
+      this.validationResult,
+      asyncMiddleware(this.changeSubscriptionPlan.bind(this))
+    );
+    router.get('/', asyncMiddleware(this.getSubscriptions.bind(this)));
+
+    return router;
+  }
+
+  /**
+   * Retrieve all subscriptions of the authenticated user's tenant.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getSubscriptions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      const subscriptions = await this.subscriptionService.getSubscriptions(
+        tenantId
+      );
+      return res.status(200).send({ subscriptions });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the LemonSqueezy checkout url.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getCheckoutUrl(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { variantId } = this.matchedBodyData(req);
+    const { user } = req;
+
+    try {
+      const checkout = await this.lemonSqueezyService.getCheckout(
+        variantId,
+        user
+      );
+      return res.status(200).send(checkout);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Cancels the subscription of the current organization.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async cancelSubscription(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      await this.subscriptionApp.cancelSubscription(tenantId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The organization subscription has been canceled.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resumes the subscription of the current organization.
+   * @param {Request} req 
+   * @param {Response} res 
+   * @param {NextFunction} next 
+   * @returns {Promise<Response | null>}
+   */
+  private async resumeSubscription(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      await this.subscriptionApp.resumeSubscription(tenantId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The organization subscription has been resumed.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Changes the main subscription plan of the current organization.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  public async changeSubscriptionPlan(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const body = this.matchedBodyData(req);
+
+    try {
+      await this.subscriptionApp.changeSubscriptionPlan(
+        tenantId,
+        body.variantId
+      );
+      return res.status(200).send({
+        message: 'The subscription plan has been changed.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Subscription/index.ts

@@ -0,0 +1 @@
+export * from './SubscriptionController';

packages/server/src/api/controllers/Users.ts

@@ -155,6 +155,7 @@ export default class UsersController extends BaseController {
 
     try {
       const user = await this.usersService.getUser(tenantId, userId);
+
       return res.status(200).send({ user });
     } catch (error) {
       next(error);
@@ -229,7 +230,7 @@ export default class UsersController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  catchServiceErrors(
+  private catchServiceErrors(
     error: Error,
     req: Request,
     res: Response,

packages/server/src/api/controllers/Views.ts

@@ -32,7 +32,7 @@ export default class ViewsController extends BaseController {
    * Custom views list validation schema.
    */
   get viewsListSchemaValidation() {
-    return [param('resource_model').exists().trim().escape()];
+    return [param('resource_model').exists().trim()];
   }
 
   /**

packages/server/src/api/controllers/Warehouses/index.ts

@@ -17,7 +17,7 @@ export class WarehousesController extends BaseController {
    *
    * @returns
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.post(

packages/server/src/api/controllers/Webhooks/Webhooks.ts

@@ -1,8 +1,8 @@
-import { Router } from 'express';
-import { PlaidApplication } from '@/services/Banking/Plaid/PlaidApplication';
-import { Request, Response } from 'express';
+import { NextFunction, Router, Request, Response } from 'express';
 import { Inject, Service } from 'typedi';
+import { PlaidApplication } from '@/services/Banking/Plaid/PlaidApplication';
 import BaseController from '../BaseController';
+import { LemonSqueezyWebhooks } from '@/services/Subscription/LemonSqueezyWebhooks';
 import { PlaidWebhookTenantBootMiddleware } from '@/services/Banking/Plaid/PlaidWebhookTenantBootMiddleware';
 
 @Service()
@@ -10,38 +10,71 @@ export class Webhooks extends BaseController {
   @Inject()
   private plaidApp: PlaidApplication;
 
+  @Inject()
+  private lemonWebhooksService: LemonSqueezyWebhooks;
+
   /**
    * Router constructor.
    */
   router() {
     const router = Router();
 
-    router.use(PlaidWebhookTenantBootMiddleware);
+    router.use('/plaid', PlaidWebhookTenantBootMiddleware);
     router.post('/plaid', this.plaidWebhooks.bind(this));
 
+    router.post('/lemon', this.lemonWebhooks.bind(this));
+
     return router;
   }
 
+  /**
+   * Listens to Lemon Squeezy webhooks events.
+   * @param {Request} req
+   * @param {Response} res
+   * @returns {Response}
+   */
+  public async lemonWebhooks(req: Request, res: Response, next: NextFunction) {
+    const data = req.body;
+    const signature = req.headers['x-signature'] as string ?? '';
+    const rawBody = req.rawBody;
+
+    try {
+      await this.lemonWebhooksService.handlePostWebhook(
+        rawBody,
+        data,
+        signature
+      );
+      return res.status(200).send();
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Listens to Plaid webhooks.
    * @param {Request} req
    * @param {Response} res
    * @returns {Response}
    */
-  public async plaidWebhooks(req: Request, res: Response) {
+  public async plaidWebhooks(req: Request, res: Response, next: NextFunction) {
     const { tenantId } = req;
-    const {
-      webhook_type: webhookType,
-      webhook_code: webhookCode,
-      item_id: plaidItemId,
-    } = req.body;
 
-    await this.plaidApp.webhooks(
-      tenantId,
-      plaidItemId,
-      webhookType,
-      webhookCode
-    );
-    return res.status(200).send({ code: 200, message: 'ok' });
+    try {
+      const {
+        webhook_type: webhookType,
+        webhook_code: webhookCode,
+        item_id: plaidItemId,
+      } = req.body;
+
+      await this.plaidApp.webhooks(
+        tenantId,
+        plaidItemId,
+        webhookType,
+        webhookCode
+      );
+      return res.status(200).send({ code: 200, message: 'ok' });
+    } catch (error) {
+      next(error);
+    }
   }
 }

packages/server/src/api/exceptions/GlobalErrorException.ts

@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from 'express';
+
+/**
+ * Global error handler.
+ * @param {Error} err
+ * @param {Request} req
+ * @param {Response} res
+ * @param {NextFunction} next
+ */
+export function GlobalErrorException(
+  err: Error,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  console.error(err.stack);
+
+  res.status(500);
+  res.boom.badImplementation('', { stack: err.stack });
+}

packages/server/src/api/exceptions/ObjectionErrorException.ts

@@ -10,8 +10,14 @@ import {
   DataError,
 } from 'objection';
 
-// In this example `res` is an express response object.
-export default function ObjectionErrorHandlerMiddleware(
+/**
+ * Handles the Objection error exception.
+ * @param {Error} err
+ * @param {Request} req
+ * @param {Response} res
+ * @param {NextFunction} next
+ */
+export function ObjectionErrorException(
   err: Error,
   req: Request,
   res: Response,
@@ -108,6 +114,7 @@ export default function ObjectionErrorHandlerMiddleware(
       type: 'UnknownDatabaseError',
       data: {},
     });
+  } else {
+    next(err);
   }
-  next(err);
 }

packages/server/src/api/exceptions/ServiceErrorException.ts

@@ -0,0 +1,25 @@
+import { NextFunction, Request, Response } from 'express';
+import { ServiceError } from '@/exceptions';
+
+/**
+ * Handles service error exception.
+ * @param {Error | ServiceError} err
+ * @param {Request} req
+ * @param {Response} res
+ * @param {NextFunction} next
+ */
+export function ServiceErrorException(
+  err: Error | ServiceError,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  if (err instanceof ServiceError) {
+    res.boom.badRequest('', {
+      errors: [{ type: err.errorType, message: err.message }],
+      type: 'ServiceError',
+    });
+  } else {
+    next(err);
+  }
+}

packages/server/src/api/index.ts

@@ -4,6 +4,7 @@ import { Container } from 'typedi';
 // Middlewares
 import JWTAuth from '@/api/middleware/jwtAuth';
 import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
+import SubscriptionMiddleware from '@/api/middleware/SubscriptionMiddleware';
 import TenancyMiddleware from '@/api/middleware/TenancyMiddleware';
 import EnsureTenantIsInitialized from '@/api/middleware/EnsureTenantIsInitialized';
 import SettingsMiddleware from '@/api/middleware/SettingsMiddleware';
@@ -36,6 +37,7 @@ import Resources from './controllers/Resources';
 import ExchangeRates from '@/api/controllers/ExchangeRates';
 import Media from '@/api/controllers/Media';
 import Ping from '@/api/controllers/Ping';
+import { SubscriptionController } from '@/api/controllers/Subscription';
 import InventoryAdjustments from '@/api/controllers/Inventory/InventoryAdjustments';
 import asyncRenderMiddleware from './middleware/AsyncRenderMiddleware';
 import Jobs from './controllers/Jobs';
@@ -56,8 +58,12 @@ import { ProjectsController } from './controllers/Projects/Projects';
 import { ProjectTasksController } from './controllers/Projects/Tasks';
 import { ProjectTimesController } from './controllers/Projects/Times';
 import { TaxRatesController } from './controllers/TaxRates/TaxRates';
+import { ImportController } from './controllers/Import/ImportController';
 import { BankingController } from './controllers/Banking/BankingController';
 import { Webhooks } from './controllers/Webhooks/Webhooks';
+import { ExportController } from './controllers/Export/ExportController';
+import { AttachmentsController } from './controllers/Attachments/AttachmentsController';
+import { OneClickDemoController } from './controllers/OneClickDemo/OneClickDemoController';
 
 export default () => {
   const app = Router();
@@ -69,11 +75,13 @@ export default () => {
 
   app.use('/auth', Container.get(Authentication).router());
   app.use('/invite', Container.get(InviteUsers).nonAuthRouter());
+  app.use('/subscription', Container.get(SubscriptionController).router());
   app.use('/organization', Container.get(Organization).router());
   app.use('/ping', Container.get(Ping).router());
   app.use('/jobs', Container.get(Jobs).router());
   app.use('/account', Container.get(Account).router());
   app.use('/webhooks', Container.get(Webhooks).router());
+  app.use('/demo', Container.get(OneClickDemoController).router())
 
   // - Dashboard routes.
   // ---------------------------
@@ -82,6 +90,7 @@ export default () => {
   dashboard.use(JWTAuth);
   dashboard.use(AttachCurrentTenantUser);
   dashboard.use(TenancyMiddleware);
+  dashboard.use(SubscriptionMiddleware('main'));
   dashboard.use(EnsureTenantIsInitialized);
   dashboard.use(SettingsMiddleware);
   dashboard.use(I18nAuthenticatedMiddlware);
@@ -135,9 +144,12 @@ export default () => {
   dashboard.use('/warehouses', Container.get(WarehousesController).router());
   dashboard.use('/projects', Container.get(ProjectsController).router());
   dashboard.use('/tax-rates', Container.get(TaxRatesController).router());
+  dashboard.use('/import', Container.get(ImportController).router());
+  dashboard.use('/export', Container.get(ExportController).router());
+  dashboard.use('/attachments', Container.get(AttachmentsController).router());
+
   dashboard.use('/', Container.get(ProjectTasksController).router());
   dashboard.use('/', Container.get(ProjectTimesController).router());
-
   dashboard.use('/', Container.get(WarehousesItemController).router());
 
   dashboard.use('/dashboard', Container.get(DashboardController).router());

packages/server/src/api/middleware/SettingsMiddleware.ts

@@ -1,11 +1,21 @@
-import { Request, Response, NextFunction } from 'express';
 import { Container } from 'typedi';
+import { Request, Response, NextFunction } from 'express';
 import SettingsStore from '@/services/Settings/SettingsStore';
- 
+
 export default async (req: Request, res: Response, next: NextFunction) => {
   const { tenantId } = req.user;
 
-  const Logger = Container.get('logger');
+  const settings = await initializeTenantSettings(tenantId);
+  req.settings = settings;
+
+  res.on('finish', async () => {
+    await settings.save();
+  });
+  next();
+}
+
+
+export const initializeTenantSettings = async (tenantId: number) => {
   const tenantContainer = Container.of(`tenant-${tenantId}`);
 
   if (tenantContainer && !tenantContainer.has('settings')) {
@@ -18,10 +28,5 @@ export default async (req: Request, res: Response, next: NextFunction) => {
 
   await settings.load();
 
-  req.settings = settings;
-
-  res.on('finish', async () => {
-    await settings.save();
-  });
-  next();
+  return settings;
 }

packages/server/src/api/middleware/SubscriptionMiddleware.ts

@@ -0,0 +1,33 @@
+import { Container } from 'typedi';
+import { Request, Response, NextFunction } from 'express';
+
+const SupportedMethods = ['POST', 'PUT'];
+
+export default (subscriptionSlug = 'main') =>
+  async (req: Request, res: Response, next: NextFunction) => {
+    const { tenant, tenantId } = req;
+    const { subscriptionRepository } = Container.get('repositories');
+
+    if (!tenant) {
+      throw new Error('Should load `TenancyMiddlware` before this middleware.');
+    }
+    const subscription = await subscriptionRepository.getBySlugInTenant(
+      subscriptionSlug,
+      tenantId
+    );
+    // Validate in case there is no any already subscription.
+    if (!subscription) {
+      return res.boom.badRequest('Tenant has no subscription.', {
+        errors: [{ type: 'TENANT.HAS.NO.SUBSCRIPTION' }],
+      });
+    }
+    const isMethodSupported = SupportedMethods.includes(req.method);
+    const isSubscriptionInactive = subscription.inactive();
+
+    if (isMethodSupported && isSubscriptionInactive) {
+      return res.boom.badRequest(null, {
+        errors: [{ type: 'ORGANIZATION.SUBSCRIPTION.INACTIVE' }],
+      });
+    }
+    next();
+  };

packages/server/src/api/middleware/TenantDependencyInjection.ts

@@ -4,6 +4,7 @@ import { Request } from 'express';
 import TenancyService from '@/services/Tenancy/TenancyService';
 import TenantsManagerService from '@/services/Tenancy/TenantsManager';
 import rtlDetect from 'rtl-detect';
+import { Tenant } from '@/system/models';
 
 export default (req: Request, tenant: ITenant) => {
   const { id: tenantId, organizationId } = tenant;
@@ -16,7 +17,7 @@ export default (req: Request, tenant: ITenant) => {
 
   const tenantContainer = tenantServices.tenantContainer(tenantId);
 
-  tenantContainer.set('i18n', injectI18nUtils(req));
+  tenantContainer.set('i18n', injectI18nUtils());
 
   const knexInstance = tenantServices.knex(tenantId);
   const models = tenantServices.models(tenantId);
@@ -33,14 +34,35 @@ export default (req: Request, tenant: ITenant) => {
 };
 
 export const injectI18nUtils = (req) => {
-  const locale = req.getLocale();
+  const globalI18n = Container.get('i18n');
+  const locale = globalI18n.getLocale();
   const direction = rtlDetect.getLangDir(locale);
 
   return {
     locale,
-    __: req.__,
+    __: globalI18n.__,
     direction,
     isRtl: direction === 'rtl',
     isLtr: direction === 'ltr',
   };
 };
+
+export const initalizeTenantServices = async (tenantId: number) => {
+  const tenant = await Tenant.query()
+    .findById(tenantId)
+    .withGraphFetched('metadata');
+
+  const tenantServices = Container.get(TenancyService);
+  const tenantsManager = Container.get(TenantsManagerService);
+
+  // Initialize the knex instance.
+  tenantsManager.setupKnexInstance(tenant);
+
+  const tenantContainer = tenantServices.tenantContainer(tenantId);
+  tenantContainer.set('i18n', injectI18nUtils());
+
+  tenantServices.knex(tenantId);
+  tenantServices.models(tenantId);
+  tenantServices.repositories(tenantId);
+  tenantServices.cache(tenantId);
+};

packages/server/src/commands/bigcapital.ts

@@ -4,6 +4,7 @@ import color from 'colorette';
 import argv from 'getopts';
 import Knex from 'knex';
 import { knexSnakeCaseMappers } from 'objection';
+import { PromisePool } from '@supercharge/promise-pool';
 import '../before';
 import config from '../config';
 
@@ -28,7 +29,7 @@ function initSystemKnex() {
   });
 }
 
-function initTenantKnex(organizationId) {
+function initTenantKnex(organizationId: string = '') {
   return Knex({
     client: config.tenant.db_client,
     connection: {
@@ -71,6 +72,12 @@ function getAllSystemTenants(knex) {
   return knex('tenants');
 }
 
+function getAllInitializedTenants(knex) {
+  return knex('tenants').whereNotNull('initializedAt');
+}
+
+const MIGRATION_CONCURRENCY = 10;
+
 // module.exports = {
 //   log,
 //   success,
@@ -87,6 +94,7 @@ function getAllSystemTenants(knex) {
 // - bigcapital tenants:migrate:make
 // - bigcapital system:migrate:make
 // - bigcapital tenants:list
+// - bigcapital tenants:list --all
 
 commander
   .command('system:migrate:rollback')
@@ -145,10 +153,13 @@ commander
 commander
   .command('tenants:list')
   .description('Retrieve a list of all system tenants databases.')
+  .option('-a, --all', 'All tenants even are not initialized.')
   .action(async (cmd) => {
     try {
       const sysKnex = await initSystemKnex();
-      const tenants = await getAllSystemTenants(sysKnex);
+      const tenants = cmd?.all
+        ? await getAllSystemTenants(sysKnex)
+        : await getAllInitializedTenants(sysKnex);
 
       tenants.forEach((tenant) => {
         const dbName = `${config.tenant.db_name_prefix}${tenant.organizationId}`;
@@ -179,18 +190,20 @@ commander
 commander
   .command('tenants:migrate:latest')
   .description('Migrate all tenants or the given tenant id.')
-  .option('-t, --tenant_id [tenant_id]', 'Which tenant id do you migrate.')
+  .option(
+    '-t, --tenant_id [tenant_id]',
+    'Which organization id do you migrate.'
+  )
   .action(async (cmd) => {
     try {
       const sysKnex = await initSystemKnex();
-      const tenants = await getAllSystemTenants(sysKnex);
+      const tenants = await getAllInitializedTenants(sysKnex);
       const tenantsOrgsIds = tenants.map((tenant) => tenant.organizationId);
 
       if (cmd.tenant_id && tenantsOrgsIds.indexOf(cmd.tenant_id) === -1) {
         exit(`The given tenant id ${cmd.tenant_id} is not exists.`);
       }
       // Validate the tenant id exist first of all.
-      const migrateOpers = [];
       const migrateTenant = async (organizationId) => {
         try {
           const tenantKnex = await initTenantKnex(organizationId);
@@ -212,18 +225,17 @@ commander
         }
       };
       if (!cmd.tenant_id) {
-        tenants.forEach((tenant) => {
-          const oper = migrateTenant(tenant.organizationId);
-          migrateOpers.push(oper);
-        });
+        await PromisePool.withConcurrency(MIGRATION_CONCURRENCY)
+          .for(tenants)
+          .process((tenant, index, pool) => {
+            return migrateTenant(tenant.organizationId);
+          })
+          .then(() => {
+            success('All tenants are migrated.');
+          });
       } else {
-        const oper = migrateTenant(cmd.tenant_id);
-        migrateOpers.push(oper);
+        await migrateTenant(cmd.tenant_id);
       }
-
-      Promise.all(migrateOpers).then(() => {
-        success('All tenants are migrated.');
-      });
     } catch (error) {
       exit(error);
     }
@@ -232,19 +244,21 @@ commander
 commander
   .command('tenants:migrate:rollback')
   .description('Rollback the last batch of tenants migrations.')
-  .option('-t, --tenant_id [tenant_id]', 'Which tenant id do you migrate.')
+  .option(
+    '-t, --tenant_id [tenant_id]',
+    'Which organization id do you migrate.'
+  )
   .action(async (cmd) => {
     try {
       const sysKnex = await initSystemKnex();
-      const tenants = await getAllSystemTenants(sysKnex);
+      const tenants = await getAllInitializedTenants(sysKnex);
       const tenantsOrgsIds = tenants.map((tenant) => tenant.organizationId);
 
       if (cmd.tenant_id && tenantsOrgsIds.indexOf(cmd.tenant_id) === -1) {
         exit(`The given tenant id ${cmd.tenant_id} is not exists.`);
       }
 
-      const migrateOpers = [];
-      const migrateTenant = async (organizationId) => {
+      const migrateTenant = async (organizationId: string) => {
         try {
           const tenantKnex = await initTenantKnex(organizationId);
           const [batchNo, _log] = await tenantKnex.migrate.rollback();
@@ -265,19 +279,18 @@ commander
       };
 
       if (!cmd.tenant_id) {
-        tenants.forEach((tenant) => {
-          const oper = migrateTenant(tenant.organizationId);
-          migrateOpers.push(oper);
-        });
+        await PromisePool.withConcurrency(MIGRATION_CONCURRENCY)
+          .for(tenants)
+          .process((tenant, index, pool) => {
+            return migrateTenant(tenant.organizationId);
+          })
+          .then(() => {
+            success('All tenants are rollbacked.');
+          });
       } else {
-        const oper = migrateTenant(cmd.tenant_id);
-        migrateOpers.push(oper);
+        await migrateTenant(cmd.tenant_id);
       }
-      Promise.all(migrateOpers).then(() => {
-        success('All tenants are rollbacked.');
-      });
     } catch (error) {
       exit(error);
     }
   });
-

packages/server/src/config/index.ts

@@ -1,6 +1,6 @@
 import dotenv from 'dotenv';
 import path from 'path';
-import { toInteger } from 'lodash';
+import { defaultTo, toInteger } from 'lodash';
 import { castCommaListEnvVarToArray, parseBoolean } from '@/utils';
 
 dotenv.config();
@@ -32,7 +32,7 @@ module.exports = {
    */
   tenant: {
     db_client: process.env.TENANT_DB_CLIENT || process.env.DB_CLIENT || 'mysql',
-    db_name_prefix: process.env.TENANT_DB_NAME_PERFIX,
+    db_name_prefix: process.env.TENANT_DB_NAME_PERFIX || 'bigcapital_tenant_',
     db_host: process.env.TENANT_DB_HOST || process.env.DB_HOST,
     db_user: process.env.TENANT_DB_USER || process.env.DB_USER,
     db_password: process.env.TENANT_DB_PASSWORD || process.env.DB_PASSWORD,
@@ -55,7 +55,7 @@ module.exports = {
   mail: {
     host: process.env.MAIL_HOST,
     port: process.env.MAIL_PORT,
-    secure: !!parseInt(process.env.MAIL_SECURE, 10),
+    secure: parseBoolean(defaultTo(process.env.MAIL_SECURE, false), false),
     username: process.env.MAIL_USERNAME,
     password: process.env.MAIL_PASSWORD,
     from: process.env.MAIL_FROM_ADDRESS,
@@ -153,6 +153,16 @@ module.exports = {
     ),
   },
 
+  /**
+   * Sign-up email confirmation
+   */
+  signupConfirmation: {
+    enabled: parseBoolean<boolean>(
+      process.env.SIGNUP_EMAIL_CONFIRMATION,
+      false
+    ),
+  },
+
   /**
    * Puppeteer remote browserless connection.
    */
@@ -180,16 +190,67 @@ module.exports = {
     },
   },
 
+  /**
+   * Bank Synchronization.
+   */
+  bankSync: {
+    enabled: parseBoolean(defaultTo(process.env.BANKING_CONNECT, false), false),
+    provider: 'plaid',
+  },
+
   /**
    * Plaid.
    */
   plaid: {
     env: process.env.PLAID_ENV || 'sandbox',
     clientId: process.env.PLAID_CLIENT_ID,
-    secretDevelopment: process.env.PLAID_SECRET_DEVELOPMENT,
-    secretSandbox: process.env.PLAID_SECRET_SANDBOX,
-    redirectSandBox: process.env.PLAID_SANDBOX_REDIRECT_URI,
-    redirectDevelopment: process.env.PLAID_DEVELOPMENT_REDIRECT_URI,
-    linkWebhook: process.env.PLAID_LINK_WEBHOOK
+    secret: process.env.PLAID_SECRET,
+    linkWebhook: process.env.PLAID_LINK_WEBHOOK,
+  },
+
+  /**
+   * Lemon Squeezy.
+   */
+  lemonSqueezy: {
+    key: process.env.LEMONSQUEEZY_API_KEY,
+    storeId: process.env.LEMONSQUEEZY_STORE_ID,
+    webhookSecret: process.env.LEMONSQUEEZY_WEBHOOK_SECRET,
+    redirectTo: `${process.env.BASE_URL}/setup`,
+  },
+
+  /**
+   * Bigcapital (Cloud).
+   * NOTE: DO NOT CHANGE THIS OPTION OR ADD THIS ENV VAR.
+   */
+  hostedOnBigcapitalCloud: parseBoolean(
+    defaultTo(process.env.HOSTED_ON_BIGCAPITAL_CLOUD, false),
+    false
+  ),
+
+  /**
+   * S3 for documents.
+   */
+  s3: {
+    region: process.env.S3_REGION,
+    accessKeyId: process.env.S3_ACCESS_KEY_ID,
+    secretAccessKey: process.env.S3_SECRET_ACCESS_KEY,
+    endpoint: process.env.S3_ENDPOINT,
+    bucket: process.env.S3_BUCKET || 'bigcapital-documents',
+    forcePathStyle: parseBoolean(
+      defaultTo(process.env.S3_FORCE_PATH_STYLE, false),
+      false
+    ),
+  },
+
+  loops: {
+    apiKey: process.env.LOOPS_API_KEY,
+  },
+
+  /**
+   * One-click demo accounts.
+   */
+  oneClickDemoAccounts: {
+    enable: parseBoolean(process.env.ONE_CLICK_DEMO_ACCOUNTS, false),
+    demoUrl: process.env.ONE_CLICK_DEMO_ACCOUNTS_URL || '',
   },
 };

packages/server/src/data/TransactionTypes.ts

@@ -1,7 +1,16 @@
+export const CashflowTransactionTypes = {
+  OtherIncome: 'Other income',
+  OtherExpense: 'Other expense',
+  OwnerDrawing: 'Owner drawing',
+  OwnerContribution: 'Owner contribution',
+  TransferToAccount: 'Transfer to account',
+  TransferFromAccount: 'Transfer from account',
+};
+
 export const TransactionTypes = {
   SaleInvoice: 'Sale invoice',
   SaleReceipt: 'Sale receipt',
-  PaymentReceive: 'Payment receive',
+  PaymentReceive: 'Payment received',
   Bill: 'Bill',
   BillPayment: 'Payment made',
   VendorOpeningBalance: 'Vendor opening balance',
@@ -17,12 +26,10 @@ export const TransactionTypes = {
   OtherExpense: 'Other expense',
   OwnerDrawing: 'Owner drawing',
   InvoiceWriteOff: 'Invoice write-off',
-
   CreditNote: 'transaction_type.credit_note',
   VendorCredit: 'transaction_type.vendor_credit',
-
   RefundCreditNote: 'transaction_type.refund_credit_note',
   RefundVendorCredit: 'transaction_type.refund_vendor_credit',
-
   LandedCost: 'transaction_type.landed_cost',
+  CashflowTransaction: CashflowTransactionTypes,
 };

packages/server/src/database/migrations/20231108170207_create_storage_table.js

@@ -11,4 +11,4 @@ exports.up = function (knex) {
 
 exports.down = function (knex) {
   return knex.schema.dropTableIfExists('storage');
-};
+};

packages/server/src/database/migrations/20240228183404_create_uncateogrized_cashflow_transactions_table.js

@@ -0,0 +1,28 @@
+exports.up = function (knex) {
+  return knex.schema.createTable(
+    'uncategorized_cashflow_transactions',
+    (table) => {
+      table.increments('id');
+      table.date('date').index();
+      table.decimal('amount');
+      table.string('currency_code');
+      table.string('reference_no').index();
+      table.string('payee');
+      table
+        .integer('account_id')
+        .unsigned()
+        .references('id')
+        .inTable('accounts');
+      table.string('description');
+      table.string('categorize_ref_type');
+      table.integer('categorize_ref_id').unsigned();
+      table.boolean('categorized').defaultTo(false);
+      table.string('plaid_transaction_id');
+      table.timestamps();
+    }
+  );
+};
+
+exports.down = function (knex) {
+  return knex.schema.dropTableIfExists('uncategorized_cashflow_transactions');
+};

packages/server/src/database/migrations/20240304153926_add_uncategorized_transactions_column_to_accounts_table.js

@@ -0,0 +1,10 @@
+exports.up = function (knex) {
+  return knex.schema.table('accounts', (table) => {
+    table.integer('uncategorized_transactions').defaultTo(0);
+    table.boolean('is_system_account').defaultTo(true);
+    table.boolean('is_feeds_active').defaultTo(false);
+    table.datetime('last_feeds_updated_at').nullable();
+  });
+};
+
+exports.down = function (knex) {};

packages/server/src/database/migrations/20240308122047_add_uncategorized_transaction_id_to_cashflow_transactions.js

@@ -0,0 +1,15 @@
+exports.up = function (knex) {
+  return knex.schema.table('cashflow_transactions', (table) => {
+    table
+      .integer('uncategorized_transaction_id')
+      .unsigned()
+      .references('id')
+      .inTable('uncategorized_cashflow_transactions');
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.table('cashflow_transactions', (table) => {
+    table.dropColumn('uncategorized_transaction_id');
+  });
+};