fix: Multi-lines transactions statements

fix: Rounding the total amount the pending and matched transactions

.all-contributorsrc

@@ -105,6 +105,51 @@
       "contributions": [
         "bug"
       ]
+    },
+    {
+      "login": "benpsnyder",
+      "name": "Ben Snyder",
+      "avatar_url": "https://avatars.githubusercontent.com/u/707567?v=4",
+      "profile": "https://snyder.tech",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "cloudsbird",
+      "name": "Vederis Leunardus",
+      "avatar_url": "https://avatars.githubusercontent.com/u/13505006?v=4",
+      "profile": "http://vederis.id",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ccantrell72",
+      "name": "Chris Cantrell",
+      "avatar_url": "https://avatars.githubusercontent.com/u/104120598?v=4",
+      "profile": "http://www.pivoten.com",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "oleynikd",
+      "name": "Denis",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3976868?v=4",
+      "profile": "https://github.com/oleynikd",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "mittalsam98",
+      "name": "Sachin Mittal",
+      "avatar_url": "https://avatars.githubusercontent.com/u/42431274?v=4",
+      "profile": "https://myself.vercel.app/",
+      "contributions": [
+        "bug"
+      ]
     }
   ],
   "contributorsPerLine": 7,

.env.example

@@ -48,6 +48,9 @@ SIGNUP_DISABLED=false
 SIGNUP_ALLOWED_DOMAINS=
 SIGNUP_ALLOWED_EMAILS=
 
+# Sign-up Email Confirmation
+SIGNUP_EMAIL_CONFIRMATION=false
+
 # API rate limit (points,duration,block duration).
 API_RATE_LIMIT=120,60,600
 
@@ -72,31 +75,17 @@ PLAID_ENV=sandbox
 # Your Plaid keys, which can be found in the Plaid Dashboard.
 # https://dashboard.plaid.com/account/keys
 PLAID_CLIENT_ID=
-PLAID_SECRET_DEVELOPMENT=
-PLAID_SECRET_SANDBOX=
-
+PLAID_SECRET=
 PLAID_LINK_WEBHOOK=
 
-# (Optional) Redirect URI settings section
-# Only required for OAuth redirect URI testing (not common on desktop):
-# Sandbox Mode:
-# Set the PLAID_SANDBOX_REDIRECT_URI below to 'http://localhost:3001/oauth-link'.
-# The OAuth redirect flow requires an endpoint on the developer's website
-# that the bank website should redirect to. You will also need to configure
-# this redirect URI for your client ID through the Plaid developer dashboard
-# at https://dashboard.plaid.com/team/api.
-# Development mode:
-# When running in development mode, you must use an https:// url.
-# You will need to configure this https:// redirect URI in the Plaid developer dashboard.
-# Instructions to create a self-signed certificate for localhost can be found at
-# https://github.com/plaid/pattern/blob/master/README.md#testing-oauth.
-# If your system is not set up to run localhost with https://, you will be unable to test
-# the OAuth in development and should leave the PLAID_DEVELOPMENT_REDIRECT_URI blank.
-
-PLAID_SANDBOX_REDIRECT_URI=
-PLAID_DEVELOPMENT_REDIRECT_URI=
-
 # https://docs.lemonsqueezy.com/guides/developer-guide/getting-started#create-an-api-key
 LEMONSQUEEZY_API_KEY=
 LEMONSQUEEZY_STORE_ID=
 LEMONSQUEEZY_WEBHOOK_SECRET=
+
+# S3 documents and attachments 
+S3_REGION=US
+S3_ACCESS_KEY_ID=
+S3_SECRET_ACCESS_KEY=
+S3_ENDPOINT=
+S3_BUCKET=

.github/workflows/build-deploy-container.yml

@@ -6,43 +6,66 @@ on:
   workflow_dispatch:
 
 env:
-  REGISTRY: ghcr.io
-  WEBAPP_IMAGE_NAME: bigcapital/bigcapital-webapp
-  SERVER_IMAGE_NAME: bigcapital/bigcapital-server
+  WEBAPP_IMAGE_NAME: bigcapitalhq/webapp
+  SERVER_IMAGE_NAME: bigcapitalhq/server
 
 jobs:
   build-publish-webapp:
+    strategy:
+      fail-fast: false
     name: Build and deploy webapp container
     runs-on: ubuntu-latest
     environment: production
     steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       # Login to Container registry.
       - name: Log in to the Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
-            registry: ${{ env.REGISTRY }}
-            username: ${{ github.actor }}
-            password: ${{ secrets.GH_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-            images: ${{ env.REGISTRY }}/${{ env.WEBAPP_IMAGE_NAME }}
+            images: ${{ env.WEBAPP_IMAGE_NAME }}
 
       # Builds and push the Docker image.
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
+        id: build
         with:
-            context: .
-            file: ./packages/webapp/Dockerfile
-            push: true
-            tags: ghcr.io/bigcapitalhq/webapp:latest
-            labels: ${{ steps.meta.outputs.labels }}
+          context: ./
+          file: ./packages/webapp/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: bigcapitalhq/webapp:latest, bigcapitalhq/webapp:${{github.ref_name}}
 
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-webapp
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
       # Send notification to Slack channel.
       - name: Slack Notification built and published webapp container successfully.
         uses: rtCamp/action-slack-notify@v2
@@ -53,29 +76,52 @@ jobs:
     name: Build and deploy server container
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       # Login to Container registry.
       - name: Log in to the Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GH_TOKEN }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       # Builds and push the Docker image.
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
+        id: build
         with:
           context: ./
           file: ./packages/server/Dockerfile
+          platforms: linux/amd64,linux/arm64
           push: true
-          tags: ghcr.io/bigcapitalhq/server:latest
+          tags: bigcapitalhq/server:latest, bigcapitalhq/server:${{github.ref_name}}
           labels: ${{ steps.meta.outputs.labels }}
 
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+  
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-server
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
       # Send notification to Slack channel.
       - name: Slack Notification built and published server container successfully.
         uses: rtCamp/action-slack-notify@v2
         env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/build-deploy-develop-container.yaml

@@ -0,0 +1,127 @@
+# This workflow will build a docker container, publish it to Github Registry.
+name: Build and Deploy Develop Docker Container
+on:
+  push:
+    branches:
+      - develop
+
+env:
+  WEBAPP_IMAGE_NAME: bigcapitalhq/webapp
+  SERVER_IMAGE_NAME: bigcapitalhq/server
+
+jobs:
+  build-publish-webapp:
+    strategy:
+      fail-fast: false
+    name: Build and deploy webapp container
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to Container registry.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.WEBAPP_IMAGE_NAME }}
+
+      # Builds and push the Docker image.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          context: ./
+          file: ./packages/webapp/Dockerfile
+          platforms: linux/amd64
+          push: true
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: bigcapitalhq/webapp:develop
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-webapp
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+      # Send notification to Slack channel.
+      - name: Slack Notification built and published webapp container successfully.
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+
+  build-publish-server:
+    name: Build and deploy server container
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Login to Container registry.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      # Builds and push the Docker image.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          context: ./
+          file: ./packages/server/Dockerfile
+          platforms: linux/amd64
+          push: true
+          tags: bigcapitalhq/server:develop
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-server
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+      # Send notification to Slack channel.
+      - name: Slack Notification built and published server container successfully.
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/e2e.yml

@@ -8,14 +8,14 @@ on:
       - '**.ts'
       - '**.tsx'
       - '**/tsconfig.json'
-      - 'yarn.lock'
+      - 'pnpm-lock.yaml'
       - '.github/workflows/e2e.yml'
   pull_request:
     paths:
       - '**.ts'
       - '**.tsx'
       - '**/tsconfig.json'
-      - 'yarn.lock'
+      - 'pnpm-lock.yaml'
       - '.github/workflows/e2e.yml'
 
 defaults:

.husky/commit-msg

@@ -1,4 +1,4 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
 
-yarn commitlint --edit 
+pnpx commitlint --edit 

CHANGELOG.md

@@ -2,6 +2,127 @@
 
 All notable changes to Bigcapital server-side will be in this file.
 
+## [v0.18.0] - 10-08-2024
+
+* feat: Bank rules for automated categorization by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/511
+* feat: Categorize & match bank transaction by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/511
+* feat: Reconcile match transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/522
+* fix: Issues in matching transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/523
+* fix: Cashflow transactions types by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/524
+
+## [v0.17.5] - 17-06-2024
+
+* fix: Balance sheet and P/L nested accounts by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/501
+* fix: add space between buttons on floating actions bar by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/508
+* feat: Migrating to Envoy proxy instead of Nginx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/509
+* fix: Disable email confirmation does not work with invited users by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/497
+* feat: Setting up the date format in the whole system dates by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/506
+
+## [0.17.0] - 04-06-2024
+
+### New
+
+* feat: Upload and attach documents by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/461
+* feat: Export resource tables to pdf by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/460
+* feat: Build and deploy develop Docker container by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/476
+* feat: Internal docker virtual network by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/478
+
+### Fixes
+
+* fix: Skip send confirmation email if disabled by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/459
+* fix: Lemon Squeezy redirect to base url by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/479
+* fix: Organize Plaid env variables for development and sandbox envs by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/480
+* fix: Plaid syncs deposit imports as withdrawals by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/481
+* fix: Validate the s3 configures exist by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/482
+* fix: Run migrations only for initialized tenants by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/484
+
+## [0.16.16] - 
+
+* feat: handle http exceptions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/456
+* feat: add the missing Newrelic env vars to docker-compose.prod file by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/457
+* fix: add the signup email confirmation env var by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/458
+
+## [0.16.14] - 
+
+* fix: Typo in setup wizard by @ccantrell72 in https://github.com/bigcapitalhq/bigcapital/pull/440
+* fix: Showing the real mail address on email confirmation view by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/445
+* fix: Auto-increment setting parsing by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/453
+
+## [0.16.12] - 
+
+* feat: Create a manifest list for `webapp` Docker image and push it to DockerHub. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/436
+* feat: Combine arm64 and amd64 in one Github action runner by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/437
+
+## [0.16.11] - 06-05-2024
+
+### improvements
+
+* feat: Export resource data to csv, xlsx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/430
+* feat: User email verification after signing-up. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/426
+
+### Fixes
+* feat(repo): upgrade to latest lerna v8 and pnpm v9 by @benpsnyder in https://github.com/bigcapitalhq/bigcapital/pull/414
+* feat: Update Docker Build-Push Action and Add ARM64 Support by @cloudsbird in https://github.com/bigcapitalhq/bigcapital/pull/412
+* feat: Pushing docker containers by version tag by @cloudsbird in https://github.com/bigcapitalhq/bigcapital/pull/421
+
+## [0.16.10]
+
+* fix: Running migration Docker container on Windows by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/432
+
+## [0.16.9]
+
+* feat: New Relic for tracking by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/429
+
+## [0.16.8]
+
+* feat: Ability to enable/disable the bank connect feature by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/423
+
+## [0.16.6]
+
+* hotfix: fix the subscription plan when subscribe on cloud by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/422
+
+## [0.16.5]
+
+IMPORTANT: If you upgraded to the v0.16 recently you should upgrade to v0.16.4 as soon as possible, because there're some breaking changes affected the sign-in and some users reported couldn't sign-in.
+
+* feat: Seed free subscription to tenants that have no subscription. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/410
+
+## [0.16.3]
+
+* feat: Integrate Lemon Squeezy payment by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/402
+* feat: optimize the onboarding subscription experience. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/404
+* feat: subscription page content by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/405
+* feat: auto subscribe to free plan once signup on community version. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/406
+* chore: add default value to env variable by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/407
+* fix: absolute storage imports path. by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/408
+
+## [0.16.0]
+
+* feat: add convert to invoice button on estimate drawer toolbar by @ANasouf in https://github.com/bigcapitalhq/bigcapital/pull/361
+* feat(webapp): add mark as delivered to action bar of invoice details … by @ANasouf in https://github.com/bigcapitalhq/bigcapital/pull/360
+* feat(webapp): Dialog to choose the bank service provider by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/378
+* feat: Categorize the bank synced transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/377
+* feat: uncategorize the cashflow transaction by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/381
+* Import resources from csv/xlsx by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/382
+* feat(webapp): import resource UI by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/386
+* fix: import resources improvements by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/388
+* feat: add sample sheet to accounts and bank transactions by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/389
+* fix: show the unique row value in the import preview by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/392
+* feat: advanced parser for numeric and boolean import values by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/394
+* feat: validate the given imported sheet whether is empty by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/395
+* feat: linking relation with id in importing by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/393
+* feat: Aggregate rows import by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/396
+* feat: clean up the imported temp files by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/400
+* feat: add hints to import fields by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/401
+
+## [0.15.0]
+
+* feat: Printing financial reports by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/363
+* feat: Convert invoice status after sending mail notification by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/332
+* feat: Bigcapital <> Plaid Integration by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/346
+* fix: Broken transactions by vendor report by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/369
+* fix: Optimize the print style some financial reports by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/370
+
 ## [0.14.0] - 30-01-2024
 
 * feat: purchases by items exporting by @abouolia in https://github.com/bigcapitalhq/bigcapital/pull/327

README.md

@@ -1,6 +1,6 @@
 <p align="center">
   <p align="center">
-    <a href="https://bigcapital.ly" target="_blank">
+    <a href="https://bigcapital.app" target="_blank">
       <img src="https://raw.githubusercontent.com/abouolia/blog/main/public/bigcapital.svg" alt="Bigcapital" width="280" height="75">
     </a>
   </p>
@@ -27,7 +27,7 @@
   </p>
 
   <p align="center">
-    <a href="https://app.bigcapital.ly">Bigcapital Cloud</a>
+    <a href="https://my.bigcapital.app">Bigcapital Cloud</a>
   </p>
 </p>
 
@@ -51,7 +51,7 @@ Bigcapital is available open-source under AGPL license. You can host it on your
 
 ### Docker
 
-To get started with self-hosted with Docker and Docker Compose, take a look at the [Docker guide](https://docs.bigcapital.ly/deployment/docker).
+To get started with self-hosted with Docker and Docker Compose, take a look at the [Docker guide](https://docs.bigcapital.app/deployment/docker).
 
 ## Development
 
@@ -74,7 +74,7 @@ You can integrate Bigcapital API with your system to organize your transactions
 
 # Resources
 
-- [Documentation](https://docs.bigcapital.ly/) - Learn how to use.
+- [Documentation](https://docs.bigcapital.app/) - Learn how to use.
 - [Contribution](https://github.com/bigcapitalhq/bigcapital/blob/develop/CONTRIBUTING.md) - Welcome to any contributions.
 - [Discord](https://discord.com/invite/c8nPBJafeb) - Ask for help.
 - [Bug Tracker](https://github.com/bigcapitalhq/bigcapital/issues) - Notify us new bugs.
@@ -122,6 +122,13 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/ANasouf"><img src="https://avatars.githubusercontent.com/u/19536487?v=4?s=100" width="100px;" alt="ANasouf"/><br /><sub><b>ANasouf</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=ANasouf" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://ragnarlaud.dev"><img src="https://avatars.githubusercontent.com/u/3042904?v=4?s=100" width="100px;" alt="Ragnar Laud"/><br /><sub><b>Ragnar Laud</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Axprnio" title="Bug reports">🐛</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/asenawritescode"><img src="https://avatars.githubusercontent.com/u/67445192?v=4?s=100" width="100px;" alt="Asena"/><br /><sub><b>Asena</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Aasenawritescode" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://snyder.tech"><img src="https://avatars.githubusercontent.com/u/707567?v=4?s=100" width="100px;" alt="Ben Snyder"/><br /><sub><b>Ben Snyder</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=benpsnyder" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://vederis.id"><img src="https://avatars.githubusercontent.com/u/13505006?v=4?s=100" width="100px;" alt="Vederis Leunardus"/><br /><sub><b>Vederis Leunardus</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/commits?author=cloudsbird" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://www.pivoten.com"><img src="https://avatars.githubusercontent.com/u/104120598?v=4?s=100" width="100px;" alt="Chris Cantrell"/><br /><sub><b>Chris Cantrell</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Accantrell72" title="Bug reports">🐛</a></td>
+    </tr>
+    <tr>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/oleynikd"><img src="https://avatars.githubusercontent.com/u/3976868?v=4?s=100" width="100px;" alt="Denis"/><br /><sub><b>Denis</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Aoleynikd" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://myself.vercel.app/"><img src="https://avatars.githubusercontent.com/u/42431274?v=4?s=100" width="100px;" alt="Sachin Mittal"/><br /><sub><b>Sachin Mittal</b></sub></a><br /><a href="https://github.com/bigcapitalhq/bigcapital/issues?q=author%3Amittalsam98" title="Bug reports">🐛</a></td>
     </tr>
   </tbody>
 </table>

docker-compose.prod.yml

@@ -3,34 +3,31 @@
 version: '3.3'
 
 services:
-  nginx:
-    container_name: bigcapital-nginx-gateway
-    build:
-      context: ./docker/nginx
-      args:
-        - SERVER_PROXY_PORT=3000
-        - WEB_SSL=false
-        - SELF_SIGNED=false
-    volumes:
-      - ./data/logs/nginx/:/var/log/nginx
-      - ./docker/certbot/certs/:/var/certs
+  proxy:
+    image: envoyproxy/envoy:v1.30-latest
+    depends_on:
+      - server
+      - webapp
     ports:
       - '${PUBLIC_PROXY_PORT:-80}:80'
       - '${PUBLIC_PROXY_SSL_PORT:-443}:443'
     tty: true
-    depends_on:
-      - server
-      - webapp
+    volumes:
+      - ./docker/envoy/envoy.yaml:/etc/envoy/envoy.yaml
     restart: on-failure
+    networks:
+      - bigcapital_network
 
   webapp:
     container_name: bigcapital-webapp
-    image: ghcr.io/bigcapitalhq/webapp:latest
+    image: bigcapitalhq/webapp:latest
     restart: on-failure
+    networks:
+      - bigcapital_network
 
   server:
     container_name: bigcapital-server
-    image: ghcr.io/bigcapitalhq/server:latest
+    image: bigcapitalhq/server:latest
     expose:
       - '3000'
     links:
@@ -42,6 +39,8 @@ services:
       - mongo
       - redis
     restart: on-failure
+    networks:
+      - bigcapital_network
     environment:
       # Mail
       - MAIL_HOST=${MAIL_HOST}
@@ -82,18 +81,24 @@ services:
       - SIGNUP_ALLOWED_DOMAINS=${SIGNUP_ALLOWED_DOMAINS}
       - SIGNUP_ALLOWED_EMAILS=${SIGNUP_ALLOWED_EMAILS}
 
+      # Sign-up email confirmation
+      - SIGNUP_EMAIL_CONFIRMATION=${SIGNUP_EMAIL_CONFIRMATION}
+
       # Gotenberg (Pdf generator)
       - GOTENBERG_URL=${GOTENBERG_URL}
       - GOTENBERG_DOCS_URL=${GOTENBERG_DOCS_URL}
 
+      # Exchange Rate
+      - EXCHANGE_RATE_SERVICE=${EXCHANGE_RATE_SERVICE}
+      - OPEN_EXCHANGE_RATE_APP_ID-${OPEN_EXCHANGE_RATE_APP_ID}
+
       # Bank Sync
       - BANKING_CONNECT=${BANKING_CONNECT}
 
       # Plaid
       - PLAID_ENV=${PLAID_ENV}
       - PLAID_CLIENT_ID=${PLAID_CLIENT_ID}
-      - PLAID_SECRET_DEVELOPMENT=${PLAID_SECRET_DEVELOPMENT}
-      - PLAID_SECRET_SANDBOX=${b8cf42b441e110451e2f69ad7e1e9f}
+      - PLAID_SECRET=${PLAID_SECRET}
       - PLAID_LINK_WEBHOOK=${PLAID_LINK_WEBHOOK}
 
       # Lemon Squeez
@@ -108,7 +113,15 @@ services:
       - NEW_RELIC_AI_MONITORING_ENABLED=${NEW_RELIC_AI_MONITORING_ENABLED}
       - NEW_RELIC_CUSTOM_INSIGHTS_EVENTS_MAX_SAMPLES_STORED=${NEW_RELIC_CUSTOM_INSIGHTS_EVENTS_MAX_SAMPLES_STORED}
       - NEW_RELIC_SPAN_EVENTS_MAX_SAMPLES_STORED=${NEW_RELIC_SPAN_EVENTS_MAX_SAMPLES_STORED}
+      - NEW_RELIC_LICENSE_KEY=${NEW_RELIC_LICENSE_KEY}
+      - NEW_RELIC_APP_NAME=${NEW_RELIC_APP_NAME}
 
+      # S3
+      - S3_REGION=${S3_REGION}
+      - S3_ACCESS_KEY_ID=${S3_ACCESS_KEY_ID}
+      - S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY}
+      - S3_ENDPOINT=${S3_ENDPOINT}
+      - S3_BUCKET=${S3_BUCKET}
 
   database_migration:
     container_name: bigcapital-database-migration
@@ -126,6 +139,8 @@ services:
       - TENANT_DB_NAME_PERFIX=${TENANT_DB_NAME_PERFIX}
     depends_on:
       - mysql
+    networks:
+      - bigcapital_network
 
   mysql:
     container_name: bigcapital-mysql
@@ -141,6 +156,8 @@ services:
       - mysql:/var/lib/mysql
     expose:
       - '3306'
+    networks:
+      - bigcapital_network
 
   mongo:
     container_name: bigcapital-mongo
@@ -150,6 +167,8 @@ services:
       - '27017'
     volumes:
       - mongo:/var/lib/mongodb
+    networks:
+      - bigcapital_network
 
   redis:
     container_name: bigcapital-redis
@@ -160,11 +179,15 @@ services:
       - '6379'
     volumes:
       - redis:/data
+    networks:
+      - bigcapital_network
 
   gotenberg:
     image: gotenberg/gotenberg:7
     expose:
       - '9000'
+    networks:
+      - bigcapital_network
 
 # Volumes
 volumes:
@@ -179,3 +202,8 @@ volumes:
   redis:
     name: bigcapital_prod_redis
     driver: local
+
+# Networks
+networks:
+  bigcapital_network:
+    driver: bridge

docker/envoy/envoy.yaml

@@ -0,0 +1,62 @@
+static_resources:
+  listeners:
+    - name: listener_0
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 80
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                route_config:
+                  name: local_route
+                  virtual_hosts:
+                    - name: backend
+                      domains: ['*']
+                      routes:
+                        - match:
+                            prefix: '/api'
+                          route:
+                            cluster: dynamic_server
+                        - match:
+                            prefix: '/'
+                          route:
+                            cluster: webapp
+                http_filters:
+                  - name: envoy.filters.http.router
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+  clusters:
+    - name: dynamic_server
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      dns_lookup_family: V4_ONLY
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: dynamic_server
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: server
+                      port_value: 3000
+
+    - name: webapp
+      connect_timeout: 0.25s
+      type: STRICT_DNS
+      dns_lookup_family: V4_ONLY
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: webapp
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: webapp
+                      port_value: 80

docker/migration/Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/bigcapitalhq/server:latest as build
+FROM bigcapitalhq/server:latest as build
 
 ARG DB_HOST= \
   DB_USER= \
@@ -34,7 +34,5 @@ WORKDIR /app/packages/server
 
 RUN git clone https://github.com/vishnubob/wait-for-it.git
 
-ADD docker/migration/start.sh /
-RUN chmod +x /start.sh
-
-CMD ["/start.sh"]
+# Once we listen the mysql port run the migration task.
+CMD ./wait-for-it/wait-for-it.sh mysql:3306 -- sh -c "node ./build/commands.js system:migrate:latest && node ./build/commands.js tenants:migrate:latest"

docker/migration/start.sh

@@ -1,5 +0,0 @@
-# Migrate the master system database.
-./wait-for-it/wait-for-it.sh mysql:3306 -- node ./build/commands.js system:migrate:latest
-
-# Migrate all tenants.
-./wait-for-it/wait-for-it.sh mysql:3306 -- node ./build/commands.js tenants:migrate:latest

docker/nginx/Dockerfile

@@ -1,21 +0,0 @@
-FROM nginx:1.11
-
-RUN mkdir /etc/nginx/sites-available && rm /etc/nginx/conf.d/default.conf
-ADD nginx.conf /etc/nginx/
-
-COPY scripts /root/scripts/
-COPY certs /etc/ssl/
-
-COPY sites /etc/nginx/templates
-
-ARG SERVER_PROXY_PORT=3000
-ARG WEB_SSL=false
-ARG SELF_SIGNED=false
-
-ENV SERVER_PROXY_PORT=$SERVER_PROXY_PORT
-ENV WEB_SSL=$WEB_SSL
-ENV SELF_SIGNED=$SELF_SIGNED
-
-RUN /bin/bash /root/scripts/build-nginx.sh
-
-CMD nginx

docker/nginx/nginx.conf

@@ -1,33 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-daemon off;
-
-events {
-  worker_connections  2048;
-  use epoll;
-}
-
-http {
-  server_tokens off;
-  sendfile on;
-  tcp_nopush on;
-  tcp_nodelay on;
-  keepalive_timeout 15;
-  types_hash_max_size 2048;
-  client_max_body_size 20M;
-  open_file_cache max=100;
-  gzip on;
-  gzip_disable "msie6";
-
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
-
-  include /etc/nginx/mime.types;
-  default_type application/octet-stream;
-
-  include /etc/nginx/conf.d/*.conf;
-  include /etc/nginx/sites-available/*;
-  access_log /var/log/nginx/access.log;
-  error_log /var/log/nginx/error.log;
-}

docker/nginx/scripts/build-nginx.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-for conf in /etc/nginx/templates/*.conf; do
-  mv $conf "/etc/nginx/sites-available/"$(basename $conf) > /dev/null
-done
-
-for template in /etc/nginx/templates/*.template; do
-  envsubst < $template > "/etc/nginx/sites-available/"$(basename $template)".conf"
-done

docker/nginx/sites/server.template

@@ -1,16 +0,0 @@
-server {
-  listen 80 default_server;
-
-  location /api {
-    proxy_pass http://server:${SERVER_PROXY_PORT};
-  }
-
-  location / {
-    proxy_pass http://webapp;
-  }
-
-  location /.well-known/acme-challenge/ {
-    root /var/www/letsencrypt/;
-    log_not_found off;
-  }
-}

lerna.json

@@ -2,6 +2,7 @@
   "$schema": "node_modules/lerna/schemas/lerna-schema.json",
   "version": "independent",
   "npmClient": "pnpm",
-  "useWorkspaces": true,
-  "packages": ["packages/*"]
-}
+  "packages": [
+    "packages/*"
+  ]
+}

package.json

@@ -19,7 +19,8 @@
     "@faker-js/faker": "^8.0.2",
     "@playwright/test": "^1.32.3",
     "husky": "^8.0.3",
-    "lerna": "^6.4.1"
+    "lerna": "^8.1.2",
+    "pnpm": "^9.0.5"
   },
   "engines": {
     "node": "16.x || 17.x || 18.x"

packages/server/.gitignore

@@ -3,4 +3,6 @@
 stdout.log
 /dist
 /build
-/public/imports
+/public/imports
+
+dist

packages/server/Dockerfile

@@ -92,8 +92,8 @@ RUN npm install -g pnpm
 # Copy application dependency manifests to the container image.
 COPY ./package*.json ./
 COPY ./pnpm-lock.yaml ./pnpm-lock.yaml
-COPY ./pnpm-workspace.yaml ./pnpm-workspace.yaml
 COPY ./lerna.json ./lerna.json
+COPY ./pnpm-workspace.yaml ./pnpm-workspace.yaml
 COPY ./packages/server/package*.json ./packages/server/
 
 # Install application dependencies

packages/server/package.json

@@ -20,9 +20,13 @@
     "bigcapital": "./bin/bigcapital.js"
   },
   "dependencies": {
+    "@aws-sdk/client-s3": "^3.576.0",
+    "@aws-sdk/s3-request-presigner": "^3.583.0",
     "@casl/ability": "^5.4.3",
     "@hapi/boom": "^7.4.3",
     "@lemonsqueezy/lemonsqueezy.js": "^2.2.0",
+    "@supercharge/promise-pool": "^3.2.0",
+    "@types/express": "^4.17.21",
     "@types/i18n": "^0.8.7",
     "@types/knex": "^0.16.1",
     "@types/mathjs": "^6.0.12",
@@ -73,12 +77,14 @@
     "lru-cache": "^6.0.0",
     "mathjs": "^9.4.0",
     "memory-cache": "^0.2.0",
+    "mime-types": "^2.1.35",
     "moment": "^2.24.0",
     "moment-range": "^4.0.2",
     "moment-timezone": "^0.5.43",
     "mongodb": "^6.1.0",
     "mongoose": "^5.10.0",
     "multer": "1.4.5-lts.1",
+    "multer-s3": "^3.0.1",
     "mustache": "^3.0.3",
     "mysql": "^2.17.1",
     "mysql2": "^1.6.5",
@@ -113,6 +119,7 @@
   },
   "devDependencies": {
     "@types/lodash": "^4.14.158",
+    "@types/multer": "^1.4.11",
     "@types/ramda": "^0.27.64",
     "@typescript-eslint/eslint-plugin": "^5.50.0",
     "@typescript-eslint/parser": "^5.50.0",

packages/server/resources/locales/en.json

@@ -244,6 +244,7 @@
   "account.field.active": "Active",
   "account.field.currency": "Currency",
   "account.field.balance": "Balance",
+  "account.field.bank_balance": "Bank Balance",
   "account.field.parent_account": "Parent Account",
   "account.field.created_at": "Created at",
   "item.field.type": "Item Type",
@@ -331,7 +332,7 @@
   "bill_payment.field.reference_no": "Reference No.",
   "bill_payment.field.description": "Description",
   "bill_payment.field.exchange_rate": "Exchange Rate",
-  "bill_payment.field.statement": "Statement",
+  "bill_payment.field.note": "Note",
   "bill_payment.field.entries.bill": "Bill No.",
   "bill_payment.field.entries.payment_amount": "Payment Amount",
   "bill_payment.field.reference": "Reference No.",
@@ -431,6 +432,7 @@
   "vendor.field.created_at": "Created at",
   "vendor.field.balance": "Balance",
   "vendor.field.status": "Status",
+  "vendor.field.note": "Note",
   "vendor.field.currency": "Currency",
   "vendor.field.status.active": "Active",
   "vendor.field.status.inactive": "Inactive",

packages/server/resources/scss/modules/export-resource-table.scss

@@ -0,0 +1,38 @@
+@import "../base.scss";
+
+body {
+  font-family: system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue","Noto Sans","Liberation Sans",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";
+  font-size: 12px;
+  line-height: 1.4;
+  margin: 0;
+}
+.sheet__title{
+  margin-bottom: 18px;
+}
+.sheet__title h2{
+  line-height: 1;
+  margin-top: 0;
+  margin-bottom: 10px;
+  font-size: 16px;
+}
+.sheet__table {
+  font-size: inherit;
+  line-height: inherit;
+  width: 100%;
+}
+.sheet__table {
+  table-layout: auto;
+  border-collapse: collapse;  
+  width: 100%;
+}
+.sheet__table thead tr th {
+  border-top: 1px solid #000;
+  border-bottom: 1px solid #000;
+  background: #fff;
+  padding: 8px;
+  line-height: 1.2;
+}
+.sheet__table tbody tr td {
+  padding: 4px 8px;
+  border-bottom: 1px solid #CCC;    
+}

packages/server/resources/views/modules/export-resource-table.pug

@@ -0,0 +1,24 @@
+block head
+  style 
+    include ../../css/modules/export-resource-table.css
+
+style.
+  !{customCSS}
+
+block content 
+  .sheet
+    .sheet__title 
+      h2.sheetTitle= sheetTitle
+      p.sheetDesc= sheetDescription
+
+    table.sheet__table
+      thead
+        tr
+          each column in table.columns
+            th(style=column.style class='column--' + column.key)= column.name
+      tbody
+        each row in table.rows
+          tr(class=row.classNames)
+            each cell in row.cells 
+              td(class='cell--' + cell.key)
+                span!= cell.value

packages/server/scripts/gulpConfig.js

@@ -70,6 +70,10 @@ module.exports = {
         src: `${RESOURCES_PATH}/scss/modules/financial-sheet.scss`,
         dest: `${RESOURCES_PATH}/css/modules`,
       },
+      {
+        src: `${RESOURCES_PATH}/scss/modules/export-resource-table.scss`,
+        dest: `${RESOURCES_PATH}/css/modules`,
+      },
     ],
     // RTL builds.
     rtl: [

packages/server/src/api/controllers/Accounts.ts

@@ -103,24 +103,20 @@ export default class AccountsController extends BaseController {
       check('name')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('code')
         .optional({ nullable: true })
         .isLength({ min: 3, max: 6 })
-        .trim()
-        .escape(),
+        .trim(),
       check('currency_code').optional(),
       check('account_type')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ max: DATATYPES_LENGTH.TEXT })
-        .trim()
-        .escape(),
+        .trim(),
       check('parent_account_id')
         .optional({ nullable: true })
         .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })
@@ -136,23 +132,19 @@ export default class AccountsController extends BaseController {
       check('name')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('code')
         .optional({ nullable: true })
         .isLength({ min: 3, max: 6 })
-        .trim()
-        .escape(),
+        .trim(),
       check('account_type')
         .exists()
         .isLength({ min: 3, max: DATATYPES_LENGTH.STRING })
-        .trim()
-        .escape(),
+        .trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ max: DATATYPES_LENGTH.TEXT })
-        .trim()
-        .escape(),
+        .trim(),
       check('parent_account_id')
         .optional({ nullable: true })
         .isInt({ min: 0, max: DATATYPES_LENGTH.INT_10 })
@@ -207,7 +199,6 @@ export default class AccountsController extends BaseController {
         tenantId,
         accountDTO
       );
-
       return res.status(200).send({
         id: account.id,
         message: 'The account has been created successfully.',

packages/server/src/api/controllers/Attachments/AttachmentsController.ts

@@ -0,0 +1,266 @@
+import mime from 'mime-types';
+import { Service, Inject } from 'typedi';
+import { Router, Response, NextFunction, Request } from 'express';
+import { body, param } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { AttachmentsApplication } from '@/services/Attachments/AttachmentsApplication';
+import { AttachmentUploadPipeline } from '@/services/Attachments/S3UploadPipeline';
+
+@Service()
+export class AttachmentsController extends BaseController {
+  @Inject()
+  private attachmentsApplication: AttachmentsApplication;
+
+  @Inject()
+  private uploadPipelineService: AttachmentUploadPipeline;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/',
+      this.uploadPipelineService.validateS3Configured,
+      this.uploadPipelineService.uploadPipeline().single('file'),
+      this.validateUploadedFileExistance,
+      this.uploadAttachment.bind(this)
+    );
+    router.delete(
+      '/:id',
+      [param('id').exists()],
+      this.validationResult,
+      this.deleteAttachment.bind(this)
+    );
+    router.get(
+      '/:id',
+      [param('id').exists()],
+      this.validationResult,
+      this.getAttachment.bind(this)
+    );
+    router.post(
+      '/:id/link',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult
+    );
+    router.post(
+      '/:id/link',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult,
+      this.linkDocument.bind(this)
+    );
+    router.post(
+      '/:id/unlink',
+      [body('modelRef').exists(), body('modelId').exists()],
+      this.validationResult,
+      this.unlinkDocument.bind(this)
+    );
+    router.get(
+      '/:id/presigned-url',
+      [param('id').exists()],
+      this.validationResult,
+      this.getAttachmentPresignedUrl.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Validates the upload file existance.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
+   */
+  private validateUploadedFileExistance(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    if (!req.file) {
+      return res.boom.badRequest(null, {
+        errorType: 'FILE_UPLOAD_FAILED',
+        message: 'Now file uploaded.',
+      });
+    }
+    next();
+  }
+
+  /**
+   * Uploads the attachments to S3 and store the file metadata to DB.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
+   */
+  private async uploadAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const file = req.file;
+
+    try {
+      const data = await this.attachmentsApplication.upload(tenantId, file);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has uploaded successfully.',
+        data,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the given attachment key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async getAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id } = req.params;
+
+    try {
+      const data = await this.attachmentsApplication.get(tenantId, id);
+
+      const byte = await data.Body.transformToByteArray();
+      const extension = mime.extension(data.ContentType);
+      const buffer = Buffer.from(byte);
+
+      res.set(
+        'Content-Disposition',
+        `filename="${req.params.id}.${extension}"`
+      );
+      res.set('Content-Type', data.ContentType);
+      res.send(buffer);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Deletes the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async deleteAttachment(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+
+    try {
+      await this.attachmentsApplication.delete(tenantId, documentId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been delete successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Links the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async linkDocument(
+    req: Request,
+    res: Response,
+    next: Function
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+    const { modelRef, modelId } = this.matchedBodyData(req);
+
+    try {
+      await this.attachmentsApplication.link(
+        tenantId,
+        documentId,
+        modelRef,
+        modelId
+      );
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been linked successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Links the given document key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async unlinkDocument(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentId } = req.params;
+    const { modelRef, modelId } = this.matchedBodyData(req);
+
+    try {
+      await this.attachmentsApplication.link(
+        tenantId,
+        documentId,
+        modelRef,
+        modelId
+      );
+      return res.status(200).send({
+        status: 200,
+        message: 'The document has been linked successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retreives the presigned url of the given attachment key.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async getAttachmentPresignedUrl(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { id: documentKey } = req.params;
+
+    try {
+      const presignedUrl = await this.attachmentsApplication.getPresignedUrl(
+        tenantId,
+        documentKey
+      );
+      return res.status(200).send({ presignedUrl });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Authentication.ts

@@ -9,6 +9,8 @@ import { DATATYPES_LENGTH } from '@/data/DataTypes';
 import LoginThrottlerMiddleware from '@/api/middleware/LoginThrottlerMiddleware';
 import AuthenticationApplication from '@/services/Authentication/AuthApplication';
 
+import JWTAuth from '@/api/middleware/jwtAuth';
+import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
 @Service()
 export default class AuthenticationController extends BaseController {
   @Inject()
@@ -28,6 +30,20 @@ export default class AuthenticationController extends BaseController {
       asyncMiddleware(this.login.bind(this)),
       this.handlerErrors
     );
+    router.use('/register/verify/resend', JWTAuth);
+    router.use('/register/verify/resend', AttachCurrentTenantUser);
+    router.post(
+      '/register/verify/resend',
+      asyncMiddleware(this.registerVerifyResendMail.bind(this)),
+      this.handlerErrors
+    );
+    router.post(
+      '/register/verify',
+      this.signupVerifySchema,
+      this.validationResult,
+      asyncMiddleware(this.registerVerify.bind(this)),
+      this.handlerErrors
+    );
     router.post(
       '/register',
       this.registerSchema,
@@ -74,31 +90,38 @@ export default class AuthenticationController extends BaseController {
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('last_name')
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('email')
         .exists()
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('password')
         .exists()
         .isString()
         .isLength({ min: 6 })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
     ];
   }
 
+  private get signupVerifySchema(): ValidationChain[] {
+    return [
+      check('email')
+        .exists()
+        .isString()
+        .isEmail()
+        .isLength({ max: DATATYPES_LENGTH.STRING }),
+      check('token').exists().isString(),
+    ];
+  }
+
   /**
    * Reset password schema.
    * @returns {ValidationChain[]}
@@ -123,7 +146,7 @@ export default class AuthenticationController extends BaseController {
    * @returns {ValidationChain[]}
    */
   private get sendResetPasswordSchema(): ValidationChain[] {
-    return [check('email').exists().isEmail().trim().escape()];
+    return [check('email').exists().isEmail().trim()];
   }
 
   /**
@@ -131,7 +154,11 @@ export default class AuthenticationController extends BaseController {
    * @param {Request} req
    * @param {Response} res
    */
-  private async login(req: Request, res: Response, next: Function): Response {
+  private async login(
+    req: Request,
+    res: Response,
+    next: Function
+  ): Promise<Response | null> {
     const userDTO: ILoginDTO = this.matchedBodyData(req);
 
     try {
@@ -166,6 +193,58 @@ export default class AuthenticationController extends BaseController {
     }
   }
 
+  /**
+   * Verifies the provider user's email after signin-up.
+   * @param {Request} req
+   * @param {Response}| res
+   * @param {Function} next
+   * @returns {Response|void}
+   */
+  private async registerVerify(req: Request, res: Response, next: Function) {
+    const signUpVerifyDTO: { email: string; token: string } =
+      this.matchedBodyData(req);
+
+    try {
+      const user = await this.authApplication.signUpConfirm(
+        signUpVerifyDTO.email,
+        signUpVerifyDTO.token
+      );
+      return res.status(200).send({
+        type: 'success',
+        message: 'The given user has verified successfully',
+        user,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resends the confirmation email to the user.
+   * @param {Request} req
+   * @param {Response}| res
+   * @param {Function} next
+   */
+  private async registerVerifyResendMail(
+    req: Request,
+    res: Response,
+    next: Function
+  ) {
+    const { user } = req;
+
+    try {
+      const data = await this.authApplication.signUpConfirmResend(user.id);
+
+      return res.status(200).send({
+        type: 'success',
+        message: 'The given user has verified successfully',
+        data,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Send reset password handler
    * @param {Request} req

packages/server/src/api/controllers/Banking/BankAccountsController.ts

@@ -0,0 +1,218 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { param, query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { GetBankAccountSummary } from '@/services/Banking/BankAccounts/GetBankAccountSummary';
+import { BankAccountsApplication } from '@/services/Banking/BankAccounts/BankAccountsApplication';
+import { GetPendingBankAccountTransactions } from '@/services/Cashflow/GetPendingBankAccountTransaction';
+
+@Service()
+export class BankAccountsController extends BaseController {
+  @Inject()
+  private getBankAccountSummaryService: GetBankAccountSummary;
+
+  @Inject()
+  private bankAccountsApp: BankAccountsApplication;
+
+  @Inject()
+  private getPendingTransactionsService: GetPendingBankAccountTransactions;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get('/:bankAccountId/meta', this.getBankAccountSummary.bind(this));
+    router.get(
+      '/pending_transactions',
+      [
+        query('account_id').optional().isNumeric().toInt(),
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getBankAccountsPendingTransactions.bind(this)
+    );
+    router.post(
+      '/:bankAccountId/disconnect',
+      this.disconnectBankAccount.bind(this)
+    );
+    router.post('/:bankAccountId/update', this.refreshBankAccount.bind(this));
+    router.post(
+      '/:bankAccountId/pause_feeds',
+      [param('bankAccountId').exists().isNumeric().toInt()],
+      this.validationResult,
+      this.pauseBankAccountFeeds.bind(this)
+    );
+    router.post(
+      '/:bankAccountId/resume_feeds',
+      [param('bankAccountId').exists().isNumeric().toInt()],
+      this.validationResult,
+      this.resumeBankAccountFeeds.bind(this)
+    );
+
+    return router;
+  }
+
+  /**
+   * Retrieves the bank account meta summary.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getBankAccountSummary(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      const data =
+        await this.getBankAccountSummaryService.getBankAccountSummary(
+          tenantId,
+          bankAccountId
+        );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the bank account pending transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  async getBankAccountsPendingTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const data =
+        await this.getPendingTransactionsService.getPendingTransactions(
+          tenantId,
+          query
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Disonnect the given bank account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async disconnectBankAccount(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.disconnectBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        id: bankAccountId,
+        message: 'The bank account has been disconnected.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Refresh the given bank account.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async refreshBankAccount(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.refreshBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        id: bankAccountId,
+        message: 'The bank account has been disconnected.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resumes the bank account feeds sync.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | void>}
+   */
+  async resumeBankAccountFeeds(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.resumeBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        message: 'The bank account feeds syncing has been resumed.',
+        id: bankAccountId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Pauses the bank account feeds sync.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | void>}
+   */
+  async pauseBankAccountFeeds(
+    req: Request<{ bankAccountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { bankAccountId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankAccountsApp.pauseBankAccount(tenantId, bankAccountId);
+
+      return res.status(200).send({
+        message: 'The bank account feeds syncing has been paused.',
+        id: bankAccountId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankTransactionsMatchingController.ts

@@ -0,0 +1,101 @@
+import { Inject, Service } from 'typedi';
+import { body, param } from 'express-validator';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { MatchBankTransactionsApplication } from '@/services/Banking/Matching/MatchBankTransactionsApplication';
+
+@Service()
+export class BankTransactionsMatchingController extends BaseController {
+  @Inject()
+  private bankTransactionsMatchingApp: MatchBankTransactionsApplication;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/unmatch/:transactionId',
+      [param('transactionId').exists()],
+      this.validationResult,
+      this.unmatchMatchedBankTransaction.bind(this)
+    );
+    router.post(
+      '/match',
+      [
+        body('uncategorizedTransactions').exists().isArray({ min: 1 }),
+        body('uncategorizedTransactions.*').isNumeric().toInt(),
+
+        body('matchedTransactions').isArray({ min: 1 }),
+        body('matchedTransactions.*.reference_type').exists(),
+        body('matchedTransactions.*.reference_id').isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.matchBankTransaction.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Matches the given bank transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async matchBankTransaction(
+    req: Request<{ transactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | null> {
+    const { tenantId } = req;
+    const bodyData = this.matchedBodyData(req);
+
+    const uncategorizedTransactions = bodyData?.uncategorizedTransactions;
+    const matchedTransactions = bodyData?.matchedTransactions;
+
+    try {
+      await this.bankTransactionsMatchingApp.matchTransaction(
+        tenantId,
+        uncategorizedTransactions,
+        matchedTransactions
+      );
+      return res.status(200).send({
+        ids: uncategorizedTransactions,
+        message: 'The bank transaction has been matched.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Unmatches the matched bank transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async unmatchMatchedBankTransaction(
+    req: Request<{ transactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.bankTransactionsMatchingApp.unmatchMatchedTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        id: transactionId,
+        message: 'The bank matched transaction has been unmatched.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankingController.ts

@@ -2,17 +2,38 @@ import Container, { Inject, Service } from 'typedi';
 import { Router } from 'express';
 import BaseController from '@/api/controllers/BaseController';
 import { PlaidBankingController } from './PlaidBankingController';
+import { BankingRulesController } from './BankingRulesController';
+import { BankTransactionsMatchingController } from './BankTransactionsMatchingController';
+import { RecognizedTransactionsController } from './RecognizedTransactionsController';
+import { BankAccountsController } from './BankAccountsController';
+import { BankingUncategorizedController } from './BankingUncategorizedController';
 
 @Service()
 export class BankingController extends BaseController {
   /**
    * Router constructor.
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.use('/plaid', Container.get(PlaidBankingController).router());
-
+    router.use('/rules', Container.get(BankingRulesController).router());
+    router.use(
+      '/matches',
+      Container.get(BankTransactionsMatchingController).router()
+    );
+    router.use(
+      '/recognized',
+      Container.get(RecognizedTransactionsController).router()
+    );
+    router.use(
+      '/bank_accounts',
+      Container.get(BankAccountsController).router()
+    );
+    router.use(
+      '/categorize',
+      Container.get(BankingUncategorizedController).router()
+    );
     return router;
   }
 }

packages/server/src/api/controllers/Banking/BankingRulesController.ts

@@ -0,0 +1,205 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '@/api/controllers/BaseController';
+import { BankRulesApplication } from '@/services/Banking/Rules/BankRulesApplication';
+import { body, param } from 'express-validator';
+import {
+  ICreateBankRuleDTO,
+  IEditBankRuleDTO,
+} from '@/services/Banking/Rules/types';
+
+@Service()
+export class BankingRulesController extends BaseController {
+  @Inject()
+  private bankRulesApplication: BankRulesApplication;
+
+  /**
+   * Bank rule DTO validation schema.
+   */
+  private get bankRuleValidationSchema() {
+    return [
+      body('name').isString().exists(),
+      body('order').isInt({ min: 0 }),
+
+      // Apply to if transaction is.
+      body('apply_if_account_id')
+        .isInt({ min: 0 })
+        .optional({ nullable: true }),
+      body('apply_if_transaction_type').isIn(['deposit', 'withdrawal']),
+
+      // Conditions
+      body('conditions_type').isString().isIn(['and', 'or']).default('and'),
+      body('conditions').isArray({ min: 1 }),
+      body('conditions.*.field').exists().isIn(['description', 'amount']),
+      body('conditions.*.comparator')
+        .exists()
+        .isIn(['equals', 'contains', 'not_contain'])
+        .default('contain')
+        .trim(),
+      body('conditions.*.value').exists().trim(),
+
+      // Assign
+      body('assign_category').isString(),
+      body('assign_account_id').isInt({ min: 0 }),
+      body('assign_payee').isString().optional({ nullable: true }),
+      body('assign_memo').isString().optional({ nullable: true }),
+    ];
+  }
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.post(
+      '/',
+      [...this.bankRuleValidationSchema],
+      this.validationResult,
+      this.createBankRule.bind(this)
+    );
+    router.post(
+      '/:id',
+      [param('id').toInt().exists(), ...this.bankRuleValidationSchema],
+      this.validationResult,
+      this.editBankRule.bind(this)
+    );
+    router.delete(
+      '/:id',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.deleteBankRule.bind(this)
+    );
+    router.get(
+      '/:id',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.getBankRule.bind(this)
+    );
+    router.get(
+      '/',
+      [param('id').toInt().exists()],
+      this.validationResult,
+      this.getBankRules.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Creates a new bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async createBankRule(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const createBankRuleDTO = this.matchedBodyData(req) as ICreateBankRuleDTO;
+
+    try {
+      const bankRule = await this.bankRulesApplication.createBankRule(
+        tenantId,
+        createBankRuleDTO
+      );
+      return res.status(200).send({
+        id: bankRule.id,
+        message: 'The bank rule has been created successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Edits the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async editBankRule(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const { id: ruleId } = req.params;
+    const editBankRuleDTO = this.matchedBodyData(req) as IEditBankRuleDTO;
+
+    try {
+      await this.bankRulesApplication.editBankRule(
+        tenantId,
+        ruleId,
+        editBankRuleDTO
+      );
+      return res.status(200).send({
+        id: ruleId,
+        message: 'The bank rule has been updated successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Deletes the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async deleteBankRule(
+    req: Request<{ id: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { id: ruleId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      await this.bankRulesApplication.deleteBankRule(tenantId, ruleId);
+
+      return res
+        .status(200)
+        .send({ message: 'The bank rule has been deleted.', id: ruleId });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieve the given bank rule.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getBankRule(req: Request, res: Response, next: NextFunction) {
+    const { id: ruleId } = req.params;
+    const { tenantId } = req;
+
+    try {
+      const bankRule = await this.bankRulesApplication.getBankRule(
+        tenantId,
+        ruleId
+      );
+
+      return res.status(200).send({ bankRule });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the bank rules.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getBankRules(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+
+    try {
+      const bankRules = await this.bankRulesApplication.getBankRules(tenantId);
+      return res.status(200).send({ bankRules });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/BankingUncategorizedController.ts

@@ -0,0 +1,57 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { query } from 'express-validator';
+import BaseController from '../BaseController';
+import { GetAutofillCategorizeTransaction } from '@/services/Banking/RegonizeTranasctions/GetAutofillCategorizeTransaction';
+
+@Service()
+export class BankingUncategorizedController extends BaseController {
+  @Inject()
+  private getAutofillCategorizeTransactionService: GetAutofillCategorizeTransaction;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get(
+      '/autofill',
+      [
+        query('uncategorizedTransactionIds').isArray({ min: 1 }),
+        query('uncategorizedTransactionIds.*').isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getAutofillCategorizeTransaction.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Retrieves the autofill values of the categorize form of the given
+   * uncategorized transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  public async getAutofillCategorizeTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const uncategorizedTransactionIds = req.query.uncategorizedTransactionIds;
+
+    try {
+      const data =
+        await this.getAutofillCategorizeTransactionService.getAutofillCategorizeTransaction(
+          tenantId,
+          uncategorizedTransactionIds
+        );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/ExcludeBankTransactionsController.ts

@@ -0,0 +1,197 @@
+import { Inject, Service } from 'typedi';
+import { body, param, query } from 'express-validator';
+import { NextFunction, Request, Response, Router } from 'express';
+import BaseController from '../BaseController';
+import { ExcludeBankTransactionsApplication } from '@/services/Banking/Exclude/ExcludeBankTransactionsApplication';
+import { map, parseInt, trim } from 'lodash';
+
+@Service()
+export class ExcludeBankTransactionsController extends BaseController {
+  @Inject()
+  private excludeBankTransactionApp: ExcludeBankTransactionsApplication;
+
+  /**
+   * Router constructor.
+   */
+  public router() {
+    const router = Router();
+
+    router.put(
+      '/transactions/exclude',
+      [body('ids').exists()],
+      this.validationResult,
+      this.excludeBulkBankTransactions.bind(this)
+    );
+    router.put(
+      '/transactions/unexclude',
+      [body('ids').exists()],
+      this.validationResult,
+      this.unexcludeBulkBankTransactins.bind(this)
+    );
+    router.put(
+      '/transactions/:transactionId/exclude',
+      [param('transactionId').exists().toInt()],
+      this.validationResult,
+      this.excludeBankTransaction.bind(this)
+    );
+    router.put(
+      '/transactions/:transactionId/unexclude',
+      [param('transactionId').exists()],
+      this.validationResult,
+      this.unexcludeBankTransaction.bind(this)
+    );
+    router.get(
+      '/excluded',
+      [
+        query('account_id').optional().isNumeric().toInt(),
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getExcludedBankTransactions.bind(this)
+    );
+    return router;
+  }
+
+  /**
+   * Marks a bank transaction as excluded.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns
+   */
+  private async excludeBankTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.excludeBankTransactionApp.excludeBankTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        message: 'The bank transaction has been excluded.',
+        id: transactionId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Marks a bank transaction as not excluded.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|void>}
+   */
+  private async unexcludeBankTransaction(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const { transactionId } = req.params;
+
+    try {
+      await this.excludeBankTransactionApp.unexcludeBankTransaction(
+        tenantId,
+        transactionId
+      );
+      return res.status(200).send({
+        message: 'The bank transaction has been unexcluded.',
+        id: transactionId,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Exclude bank transactions in bulk.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async excludeBulkBankTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { ids } = this.matchedBodyData(req);
+
+    try {
+      await this.excludeBankTransactionApp.excludeBankTransactions(
+        tenantId,
+        ids
+      );
+      return res.status(200).send({
+        message: 'The given bank transactions have been excluded',
+        ids,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Unexclude the given bank transactions in bulk.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  private async unexcludeBulkBankTransactins(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | null> {
+    const { tenantId } = req;
+    const { ids } = this.matchedBodyData(req);
+
+    try {
+      await this.excludeBankTransactionApp.unexcludeBankTransactions(
+        tenantId,
+        ids
+      );
+      return res.status(200).send({
+        message: 'The given bank transactions have been excluded',
+        ids,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the excluded uncategorized bank transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async getExcludedBankTransactions(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<Response | void> {
+    const { tenantId } = req;
+    const filter = this.matchedQueryData(req);
+
+    try {
+      const data =
+        await this.excludeBankTransactionApp.getExcludedBankTransactions(
+          tenantId,
+          filter
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Banking/RecognizedTransactionsController.ts

@@ -0,0 +1,87 @@
+import { Inject, Service } from 'typedi';
+import { NextFunction, Request, Response, Router } from 'express';
+import { query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
+
+@Service()
+export class RecognizedTransactionsController extends BaseController {
+  @Inject()
+  private cashflowApplication: CashflowApplication;
+
+  /**
+   * Router constructor.
+   */
+  router() {
+    const router = Router();
+
+    router.get(
+      '/',
+      [
+        query('page').optional().isNumeric().toInt(),
+        query('page_size').optional().isNumeric().toInt(),
+        query('account_id').optional().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getRecognizedTransactions.bind(this)
+    );
+    router.get(
+      '/transactions/:uncategorizedTransactionId',
+      this.getRecognizedTransaction.bind(this)
+    );
+
+    return router;
+  }
+
+  /**
+   * Retrieves the recognized bank transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getRecognizedTransactions(
+    req: Request<{ accountId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const filter = this.matchedQueryData(req);
+    const { tenantId } = req;
+
+    try {
+      const data = await this.cashflowApplication.getRecognizedTransactions(
+        tenantId,
+        filter
+      );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Retrieves the recognized transaction of the ginen uncategorized transaction.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  async getRecognizedTransaction(
+    req: Request<{ uncategorizedTransactionId: number }>,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const { uncategorizedTransactionId } = req.params;
+
+    try {
+      const data = await this.cashflowApplication.getRecognizedTransaction(
+        tenantId,
+        uncategorizedTransactionId
+      );
+      return res.status(200).send({ data });
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Cashflow/CashflowController.ts

@@ -4,6 +4,7 @@ import CommandCashflowTransaction from './NewCashflowTransaction';
 import DeleteCashflowTransaction from './DeleteCashflowTransaction';
 import GetCashflowTransaction from './GetCashflowTransaction';
 import GetCashflowAccounts from './GetCashflowAccounts';
+import { ExcludeBankTransactionsController } from '../Banking/ExcludeBankTransactionsController';
 
 @Service()
 export default class CashflowController {
@@ -14,6 +15,7 @@ export default class CashflowController {
     const router = Router();
 
     router.use(Container.get(CommandCashflowTransaction).router());
+    router.use(Container.get(ExcludeBankTransactionsController).router());
     router.use(Container.get(GetCashflowTransaction).router());
     router.use(Container.get(GetCashflowAccounts).router());
     router.use(Container.get(DeleteCashflowTransaction).router());

packages/server/src/api/controllers/Cashflow/GetCashflowAccounts.ts

@@ -31,7 +31,6 @@ export default class GetCashflowAccounts extends BaseController {
         query('search_keyword').optional({ nullable: true }).isString().trim(),
       ],
       this.asyncMiddleware(this.getCashflowAccounts),
-      this.catchServiceErrors
     );
     return router;
   }
@@ -67,22 +66,4 @@ export default class GetCashflowAccounts extends BaseController {
       next(error);
     }
   };
-
-  /**
-   * Catches the service errors.
-   * @param {Error} error - Error.
-   * @param {Request} req - Request.
-   * @param {Response} res - Response.
-   * @param {NextFunction} next -
-   */
-  private catchServiceErrors(
-    error,
-    req: Request,
-    res: Response,
-    next: NextFunction
-  ) {
-    if (error instanceof ServiceError) {
-    }
-    next(error);
-  }
 }

packages/server/src/api/controllers/Cashflow/GetCashflowTransaction.ts

@@ -1,23 +1,37 @@
 import { Service, Inject } from 'typedi';
 import { Router, Request, Response, NextFunction } from 'express';
-import { param } from 'express-validator';
+import { param, query } from 'express-validator';
 import BaseController from '../BaseController';
 import { ServiceError } from '@/exceptions';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
 import { AbilitySubject, CashflowAction } from '@/interfaces';
 import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
+import { GetMatchedTransactionsFilter } from '@/services/Banking/Matching/types';
+import { MatchBankTransactionsApplication } from '@/services/Banking/Matching/MatchBankTransactionsApplication';
 
 @Service()
 export default class GetCashflowAccounts extends BaseController {
   @Inject()
   private cashflowApplication: CashflowApplication;
 
+  @Inject()
+  private bankTransactionsMatchingApp: MatchBankTransactionsApplication;
+
   /**
    * Controller router.
    */
   public router() {
     const router = Router();
 
+    router.get(
+      '/transactions/matches',
+      [
+        query('uncategorizeTransactionsIds').exists().isArray({ min: 1 }),
+        query('uncategorizeTransactionsIds.*').exists().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.getMatchedTransactions.bind(this)
+    );
     router.get(
       '/transactions/:transactionId',
       CheckPolicies(CashflowAction.View, AbilitySubject.Cashflow),
@@ -35,7 +49,7 @@ export default class GetCashflowAccounts extends BaseController {
    * @param {NextFunction} next
    */
   private getCashflowTransaction = async (
-    req: Request,
+    req: Request<{ transactionId: number }>,
     res: Response,
     next: NextFunction
   ) => {
@@ -47,7 +61,6 @@ export default class GetCashflowAccounts extends BaseController {
         tenantId,
         transactionId
       );
-
       return res.status(200).send({
         cashflow_transaction: this.transfromToResponse(cashflowTransaction),
       });
@@ -56,6 +69,39 @@ export default class GetCashflowAccounts extends BaseController {
     }
   };
 
+  /**
+   * Retrieves the matched transactions.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   */
+  private async getMatchedTransactions(
+    req: Request<
+      { transactionId: number },
+      null,
+      null,
+      { uncategorizeTransactionsIds: Array<number> }
+    >,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const uncategorizeTransactionsIds = req.query.uncategorizeTransactionsIds;
+    const filter = this.matchedQueryData(req) as GetMatchedTransactionsFilter;
+
+    try {
+      const data =
+        await this.bankTransactionsMatchingApp.getMatchedTransactions(
+          tenantId,
+          uncategorizeTransactionsIds,
+          filter
+        );
+      return res.status(200).send(data);
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Catches the service errors.
    * @param {Error} error - Error.

packages/server/src/api/controllers/Cashflow/NewCashflowTransaction.ts

@@ -1,10 +1,15 @@
 import { Service, Inject } from 'typedi';
-import { ValidationChain, check, param, query } from 'express-validator';
+import { ValidationChain, body, check, param, query } from 'express-validator';
 import { Router, Request, Response, NextFunction } from 'express';
+import { omit } from 'lodash';
 import BaseController from '../BaseController';
 import { ServiceError } from '@/exceptions';
 import CheckPolicies from '@/api/middleware/CheckPolicies';
-import { AbilitySubject, CashflowAction } from '@/interfaces';
+import {
+  AbilitySubject,
+  CashflowAction,
+  ICategorizeCashflowTransactioDTO,
+} from '@/interfaces';
 import { CashflowApplication } from '@/services/Cashflow/CashflowApplication';
 
 @Service()
@@ -38,13 +43,23 @@ export default class NewCashflowTransactionController extends BaseController {
       this.asyncMiddleware(this.newCashflowTransaction),
       this.catchServiceErrors
     );
+    router.post(
+      '/transactions/uncategorize/bulk',
+      [
+        body('ids').isArray({ min: 1 }),
+        body('ids.*').exists().isNumeric().toInt(),
+      ],
+      this.validationResult,
+      this.uncategorizeBulkTransactions.bind(this),
+      this.catchServiceErrors
+    );
     router.post(
       '/transactions/:id/uncategorize',
       this.revertCategorizedCashflowTransaction,
       this.catchServiceErrors
     );
     router.post(
-      '/transactions/:id/categorize',
+      '/transactions/categorize',
       this.categorizeCashflowTransactionValidationSchema,
       this.validationResult,
       this.categorizeCashflowTransaction,
@@ -89,6 +104,7 @@ export default class NewCashflowTransactionController extends BaseController {
    */
   public get categorizeCashflowTransactionValidationSchema() {
     return [
+      check('uncategorized_transaction_ids').exists().isArray({ min: 1 }),
       check('date').exists().isISO8601().toDate(),
       check('credit_account_id').exists().isInt().toInt(),
       check('transaction_number').optional(),
@@ -106,12 +122,11 @@ export default class NewCashflowTransactionController extends BaseController {
   public get newTransactionValidationSchema() {
     return [
       check('date').exists().isISO8601().toDate(),
-      check('reference_no').optional({ nullable: true }).trim().escape(),
+      check('reference_no').optional({ nullable: true }).trim(),
       check('description')
         .optional({ nullable: true })
         .isLength({ min: 3 })
-        .trim()
-        .escape(),
+        .trim(),
       check('transaction_type').exists(),
 
       check('amount').exists().isFloat().toFloat(),
@@ -161,7 +176,7 @@ export default class NewCashflowTransactionController extends BaseController {
    * @param {NextFunction} next
    */
   private revertCategorizedCashflowTransaction = async (
-    req: Request,
+    req: Request<{ id: number }>,
     res: Response,
     next: NextFunction
   ) => {
@@ -179,6 +194,34 @@ export default class NewCashflowTransactionController extends BaseController {
     }
   };
 
+  /**
+   * Uncategorize the given transactions in bulk.
+   * @param {Request<{}>} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  private uncategorizeBulkTransactions = async (
+    req: Request<{}>,
+    res: Response,
+    next: NextFunction
+  ) => {
+    const { tenantId } = req;
+    const { ids: uncategorizedTransactionIds } = this.matchedBodyData(req);
+
+    try {
+      await this.cashflowApplication.uncategorizeTransactions(
+        tenantId,
+        uncategorizedTransactionIds
+      );
+      return res.status(200).send({
+        message: 'The given transactions have been uncategorized successfully.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  };
+
   /**
    * Categorize the cashflow transaction.
    * @param {Request} req
@@ -191,14 +234,19 @@ export default class NewCashflowTransactionController extends BaseController {
     next: NextFunction
   ) => {
     const { tenantId } = req;
-    const { id: cashflowTransactionId } = req.params;
-    const cashflowTransaction = this.matchedBodyData(req);
+    const matchedObject = this.matchedBodyData(req);
+    const categorizeDTO = omit(matchedObject, [
+      'uncategorizedTransactionIds',
+    ]) as ICategorizeCashflowTransactioDTO;
+
+    const uncategorizedTransactionIds =
+      matchedObject.uncategorizedTransactionIds;
 
     try {
       await this.cashflowApplication.categorizeTransaction(
         tenantId,
-        cashflowTransactionId,
-        cashflowTransaction
+        uncategorizedTransactionIds,
+        categorizeDTO
       );
       return res.status(200).send({
         message: 'The cashflow transaction has been created successfully.',
@@ -269,7 +317,7 @@ export default class NewCashflowTransactionController extends BaseController {
    * @param {NextFunction} next
    */
   public getUncategorizedCashflowTransactions = async (
-    req: Request,
+    req: Request<{ id: number }>,
     res: Response,
     next: NextFunction
   ) => {

packages/server/src/api/controllers/Contacts/Contacts.ts

@@ -56,7 +56,7 @@ export default class ContactsController extends BaseController {
    */
   get autocompleteQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('stringified_filter_roles').optional().isJSON(),
@@ -122,32 +122,27 @@ export default class ContactsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('first_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('last_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('company_name')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('display_name')
         .exists()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('email')
@@ -165,120 +160,101 @@ export default class ContactsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('personal_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('billing_address_1')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_2')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_city')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_country')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_email')
         .optional({ nullable: true })
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_postcode')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('billing_address_state')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('shipping_address_1')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_2')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_city')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_country')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_email')
         .optional({ nullable: true })
         .isString()
         .isEmail()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_postcode')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_phone')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('shipping_address_state')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
 
       check('note')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('active').optional().isBoolean().toBoolean(),
     ];

packages/server/src/api/controllers/Contacts/Customers.ts

@@ -106,11 +106,7 @@ export default class CustomersController extends ContactsController {
    */
   get customerDTOSchema() {
     return [
-      check('customer_type')
-        .exists()
-        .isIn(['business', 'individual'])
-        .trim()
-        .escape(),
+      check('customer_type').exists().isIn(['business', 'individual']).trim(),
     ];
   }
 
@@ -123,7 +119,6 @@ export default class CustomersController extends ContactsController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: 3 }),
     ];
   }
@@ -133,7 +128,7 @@ export default class CustomersController extends ContactsController {
    */
   get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),

packages/server/src/api/controllers/Contacts/Vendors.ts

@@ -106,7 +106,6 @@ export default class VendorsController extends ContactsController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ min: 3, max: 3 }),
     ];
   }

packages/server/src/api/controllers/Currencies.ts

@@ -67,7 +67,7 @@ export default class CurrenciesController extends BaseController {
   }
 
   get currencyParamSchema(): ValidationChain[] {
-    return [param('currency_code').exists().trim().escape()];
+    return [param('currency_code').exists().trim()];
   }
 
   get listSchema(): ValidationChain[] {
@@ -187,11 +187,13 @@ export default class CurrenciesController extends BaseController {
       }
       if (error.errorType === 'currency_code_exists') {
         return res.boom.badRequest(null, {
-          errors: [{
-            type: 'CURRENCY_CODE_EXISTS',
-            message: 'The given currency code is already exists.',
-            code: 200,
-           }],
+          errors: [
+            {
+              type: 'CURRENCY_CODE_EXISTS',
+              message: 'The given currency code is already exists.',
+              code: 200,
+            },
+          ],
         });
       }
       if (error.errorType === 'CANNOT_DELETE_BASE_CURRENCY') {

packages/server/src/api/controllers/Dashboard/index.ts

@@ -5,7 +5,7 @@ import DashboardService from '@/services/Dashboard/DashboardService';
 @Service()
 export default class DashboardMetaController {
   @Inject()
-  dashboardService: DashboardService;
+  private dashboardService: DashboardService;
 
   /**
    * Constructor router.

packages/server/src/api/controllers/Expenses/Expenses.ts

@@ -84,12 +84,11 @@ export class ExpensesController extends BaseController {
   /**
    * Expense DTO schema.
    */
-  get expenseDTOSchema() {
+  private get expenseDTOSchema() {
     return [
       check('reference_no')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('payment_date').exists().isISO8601().toDate(),
       check('payment_account_id')
@@ -123,13 +122,15 @@ export class ExpensesController extends BaseController {
       check('categories.*.description')
         .optional()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
       check('categories.*.project_id')
         .optional({ nullable: true })
         .isInt({ max: DATATYPES_LENGTH.INT_10 })
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -141,7 +142,6 @@ export class ExpensesController extends BaseController {
       check('reference_no')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('payment_date').exists().isISO8601().toDate(),
       check('payment_account_id')
@@ -176,13 +176,15 @@ export class ExpensesController extends BaseController {
       check('categories.*.description')
         .optional()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('categories.*.landed_cost').optional().isBoolean().toBoolean(),
       check('categories.*.project_id')
         .optional({ nullable: true })
         .isInt({ max: DATATYPES_LENGTH.INT_10 })
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -269,7 +271,7 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async deleteExpense(req: Request, res: Response, next: NextFunction) {
+  private async deleteExpense(req: Request, res: Response, next: NextFunction) {
     const { tenantId, user } = req;
     const { id: expenseId } = req.params;
 
@@ -291,7 +293,11 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async publishExpense(req: Request, res: Response, next: NextFunction) {
+  private async publishExpense(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
     const { tenantId, user } = req;
     const { id: expenseId } = req.params;
 
@@ -313,7 +319,11 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async getExpensesList(req: Request, res: Response, next: NextFunction) {
+  private async getExpensesList(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
     const { tenantId } = req;
     const filter = {
       sortOrder: 'desc',
@@ -343,7 +353,7 @@ export class ExpensesController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  async getExpense(req: Request, res: Response, next: NextFunction) {
+  private async getExpense(req: Request, res: Response, next: NextFunction) {
     const { tenantId } = req;
     const { id: expenseId } = req.params;
 

packages/server/src/api/controllers/Export/ExportController.ts

@@ -0,0 +1,87 @@
+import { Inject, Service } from 'typedi';
+import { Router, Request, Response, NextFunction } from 'express';
+import { query } from 'express-validator';
+import BaseController from '@/api/controllers/BaseController';
+import { ServiceError } from '@/exceptions';
+import { ExportApplication } from '@/services/Export/ExportApplication';
+import { ACCEPT_TYPE } from '@/interfaces/Http';
+import { convertAcceptFormatToFormat } from './_utils';
+
+@Service()
+export class ExportController extends BaseController {
+  @Inject()
+  private exportResourceApp: ExportApplication;
+
+  /**
+   * Router constructor method.
+   */
+  public router() {
+    const router = Router();
+
+    router.get(
+      '/',
+      [
+        query('resource').exists(),
+        query('format').isIn(['csv', 'xlsx']).optional(),
+      ],
+      this.validationResult,
+      this.export.bind(this),
+    );
+    return router;
+  }
+
+  /**
+   * Imports xlsx/csv to the given resource type.
+   * @param {Request} req -
+   * @param {Response} res -
+   * @param {NextFunction} next -
+   */
+  private async export(req: Request, res: Response, next: NextFunction) {
+    const { tenantId } = req;
+    const query = this.matchedQueryData(req);
+
+    try {
+      const accept = this.accepts(req);
+
+      const acceptType = accept.types([
+        ACCEPT_TYPE.APPLICATION_XLSX,
+        ACCEPT_TYPE.APPLICATION_CSV,
+        ACCEPT_TYPE.APPLICATION_PDF,
+      ]);
+      const applicationFormat = convertAcceptFormatToFormat(acceptType);
+
+      const data = await this.exportResourceApp.export(
+        tenantId,
+        query.resource,
+        applicationFormat
+      );
+      // Retrieves the csv format.
+      if (ACCEPT_TYPE.APPLICATION_CSV === acceptType) {
+        res.setHeader('Content-Disposition', 'attachment; filename=output.csv');
+        res.setHeader('Content-Type', 'text/csv');
+
+        return res.send(data);
+        // Retrieves the xlsx format.
+      } else if (ACCEPT_TYPE.APPLICATION_XLSX === acceptType) {
+        res.setHeader(
+          'Content-Disposition',
+          'attachment; filename=output.xlsx'
+        );
+        res.setHeader(
+          'Content-Type',
+          'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+        );
+        return res.send(data);
+        //
+      } else if (ACCEPT_TYPE.APPLICATION_PDF === acceptType) {
+        res.set({
+          'Content-Type': 'application/pdf',
+          'Content-Length': data.length,
+        });
+        res.send(data);
+      }
+    } catch (error) {
+      next(error);
+    }
+  }
+}

packages/server/src/api/controllers/Export/_utils.ts

@@ -0,0 +1,13 @@
+import { ACCEPT_TYPE } from '@/interfaces/Http';
+import { ExportFormat } from '@/services/Export/common';
+
+export const convertAcceptFormatToFormat = (accept: string): ExportFormat => {
+  switch (accept) {
+    case ACCEPT_TYPE.APPLICATION_CSV:
+      return ExportFormat.Csv;
+    case ACCEPT_TYPE.APPLICATION_PDF:
+      return ExportFormat.Pdf;
+    case ACCEPT_TYPE.APPLICATION_XLSX:
+      return ExportFormat.Xlsx;
+  }
+};

packages/server/src/api/controllers/FinancialStatements/BaseFinancialReportController.ts

@@ -1,9 +1,7 @@
 import { query } from 'express-validator';
-import BaseController from "../BaseController";
+import BaseController from '../BaseController';
 
 export default class BaseFinancialReportController extends BaseController {
-
-
   get sheetNumberFormatValidationSchema() {
     return [
       query('number_format.precision')
@@ -19,8 +17,7 @@ export default class BaseFinancialReportController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
     ];
   }
-}
+}

packages/server/src/api/controllers/FinancialStatements/InventoryDetails/index.ts

@@ -51,8 +51,7 @@ export default class InventoryDetailsController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
       query('from_date').optional(),
       query('to_date').optional(),
 

packages/server/src/api/controllers/FinancialStatements/JournalSheet.ts

@@ -36,7 +36,7 @@ export default class JournalSheetController extends BaseFinancialReportControlle
     return [
       query('from_date').optional().isISO8601(),
       query('to_date').optional().isISO8601(),
-      query('transaction_type').optional().trim().escape(),
+      query('transaction_type').optional().trim(),
       query('transaction_id').optional().isInt().toInt(),
       oneOf(
         [

packages/server/src/api/controllers/FinancialStatements/TransactionsByReference/index.ts

@@ -40,8 +40,7 @@ export default class TransactionsByReferenceController extends BaseController {
       query('number_format.negative_format')
         .optional()
         .isIn(['parentheses', 'mines'])
-        .trim()
-        .escape(),
+        .trim(),
     ];
   }
 

packages/server/src/api/controllers/Import/ImportController.ts

@@ -16,7 +16,7 @@ export class ImportController extends BaseController {
   /**
    * Router constructor method.
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.post(
@@ -240,11 +240,7 @@ export class ImportController extends BaseController {
           errors: [{ type: 'IMPORTED_FILE_EXTENSION_INVALID' }],
         });
       }
-      return res.status(400).send({
-        errors: [{ type: error.errorType }],
-      });
     }
-
     next(error);
   }
 }

packages/server/src/api/controllers/Inventory/InventoryAdjustments.ts

@@ -86,7 +86,7 @@ export default class InventoryAdjustmentsController extends BaseController {
    */
   get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),

packages/server/src/api/controllers/InviteUsers.ts

@@ -25,7 +25,7 @@ export default class InviteUsersController extends BaseController {
     router.post(
       '/send',
       [
-        body('email').exists().trim().escape(),
+        body('email').exists().trim(),
         body('role_id').exists().isNumeric().toInt(),
       ],
       this.validationResult,
@@ -57,7 +57,7 @@ export default class InviteUsersController extends BaseController {
     );
     router.get(
       '/invited/:token',
-      [param('token').exists().trim().escape()],
+      [param('token').exists().trim()],
       this.validationResult,
       asyncMiddleware(this.invited.bind(this)),
       this.handleServicesError
@@ -72,10 +72,10 @@ export default class InviteUsersController extends BaseController {
    */
   private get inviteUserDTO() {
     return [
-      check('first_name').exists().trim().escape(),
-      check('last_name').exists().trim().escape(),
-      check('password').exists().trim().escape().isLength({ min: 5 }),
-      param('token').exists().trim().escape(),
+      check('first_name').exists().trim(),
+      check('last_name').exists().trim(),
+      check('password').exists().trim().isLength({ min: 5 }),
+      param('token').exists().trim(),
     ];
   }
 

packages/server/src/api/controllers/ItemCategories.ts

@@ -73,13 +73,11 @@ export default class ItemsCategoriesController extends BaseController {
       check('name')
         .exists()
         .trim()
-        .escape()
         .isLength({ min: 0, max: DATATYPES_LENGTH.STRING }),
       check('description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('sell_account_id')
         .optional({ nullable: true })
@@ -101,9 +99,8 @@ export default class ItemsCategoriesController extends BaseController {
    */
   get categoriesListValidationSchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
-      query('sort_order').optional().trim().escape().isIn(['desc', 'asc']),
-
+      query('column_sort_by').optional().trim(),
+      query('sort_order').optional().trim().isIn(['desc', 'asc']),
       query('stringified_filter_roles').optional().isJSON(),
     ];
   }
@@ -207,14 +204,12 @@ export default class ItemsCategoriesController extends BaseController {
     };
 
     try {
-      const {
-        itemCategories,
-        filterMeta,
-      } = await this.itemCategoriesService.getItemCategoriesList(
-        tenantId,
-        itemCategoriesFilter,
-        user
-      );
+      const { itemCategories, filterMeta } =
+        await this.itemCategoriesService.getItemCategoriesList(
+          tenantId,
+          itemCategoriesFilter,
+          user
+        );
       return res.status(200).send({
         item_categories: itemCategories,
         filter_meta: this.transfromToResponse(filterMeta),

packages/server/src/api/controllers/Items/Items.ts

@@ -96,13 +96,11 @@ export default class ItemsController extends BaseController {
         .exists()
         .isString()
         .trim()
-        .escape()
         .isIn(['service', 'non-inventory', 'inventory']),
       check('code')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       // Purchase attributes.
       check('purchasable').optional().isBoolean().toBoolean(),
@@ -141,13 +139,11 @@ export default class ItemsController extends BaseController {
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('purchase_description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('sell_tax_rate_id').optional({ nullable: true }).isInt().toInt(),
       check('purchase_tax_rate_id')
@@ -162,7 +158,6 @@ export default class ItemsController extends BaseController {
         .optional()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('active').optional().isBoolean().toBoolean(),
 
@@ -184,7 +179,7 @@ export default class ItemsController extends BaseController {
    */
   private get validateListQuerySchema() {
     return [
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('page').optional().isNumeric().toInt(),

packages/server/src/api/controllers/ManualJournals.ts

@@ -77,14 +77,14 @@ export default class ManualJournalsController extends BaseController {
   /**
    * Specific manual journal id param validation schema.
    */
-  get manualJournalParamSchema() {
+  private get manualJournalParamSchema() {
     return [param('id').exists().isNumeric().toInt()];
   }
 
   /**
    * Manual journal DTO schema.
    */
-  get manualJournalValidationSchema() {
+  private get manualJournalValidationSchema() {
     return [
       check('date').exists().isISO8601(),
       check('currency_code').optional(),
@@ -94,25 +94,21 @@ export default class ManualJournalsController extends BaseController {
         .optional()
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('journal_type')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('reference')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.STRING }),
       check('description')
         .optional({ nullable: true })
         .isString()
         .trim()
-        .escape()
         .isLength({ max: DATATYPES_LENGTH.TEXT }),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('publish').optional().isBoolean().toBoolean(),
@@ -148,19 +144,22 @@ export default class ManualJournalsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
   /**
    * Manual journals list validation schema.
    */
-  get manualJournalsListSchema() {
+  private get manualJournalsListSchema() {
     return [
       query('page').optional().isNumeric().toInt(),
       query('page_size').optional().isNumeric().toInt(),
       query('custom_view_id').optional().isNumeric().toInt(),
 
-      query('column_sort_by').optional().trim().escape(),
+      query('column_sort_by').optional().trim(),
       query('sort_order').optional().isIn(['desc', 'asc']),
 
       query('stringified_filter_roles').optional().isJSON(),
@@ -320,7 +319,7 @@ export default class ManualJournalsController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  getManualJournalsList = async (
+  private getManualJournalsList = async (
     req: Request,
     res: Response,
     next: NextFunction

packages/server/src/api/controllers/Media.ts

@@ -61,15 +61,14 @@ export default class MediaController extends BaseController {
 
   get uploadValidationSchema() {
     return [
-      // check('attachment'),
-      check('model_name').optional().trim().escape(),
-      check('model_id').optional().isNumeric().toInt(),
+      check('model_name').optional().trim(),
+      check('model_id').optional().isNumeric(),
     ];
   }
 
   get linkValidationSchema() {
     return [
-      check('model_name').exists().trim().escape(),
+      check('model_name').exists().trim(),
       check('model_id').exists().isNumeric().toInt(),
     ]
   }

packages/server/src/api/controllers/Organization.ts

@@ -62,7 +62,7 @@ export default class OrganizationController extends BaseController {
   private get commonOrganizationValidationSchema(): ValidationChain[] {
     return [
       check('name').exists().trim(),
-      check('industry').optional({ nullable: true }).isString().trim().escape(),
+      check('industry').optional({ nullable: true }).isString().trim(),
       check('location').exists().isString().isISO31661Alpha2(),
       check('base_currency').exists().isISO4217(),
       check('timezone').exists().isIn(moment.tz.names()),
@@ -87,11 +87,7 @@ export default class OrganizationController extends BaseController {
   private get updateOrganizationValidationSchema(): ValidationChain[] {
     return [
       ...this.commonOrganizationValidationSchema,
-      check('tax_number')
-        .optional({ nullable: true })
-        .isString()
-        .trim()
-        .escape(),
+      check('tax_number').optional({ nullable: true }).isString().trim(),
     ];
   }
 

packages/server/src/api/controllers/OrganizationDashboard.ts

@@ -33,17 +33,17 @@ export default class OrganizationDashboardController extends BaseController {
   }
 
   /**
-   *
-   * @param req
-   * @param res
-   * @param next
-   * @returns
+   * Detarmines whether the current authed organization to able to change its currency/.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Response|void}
    */
   private async baseCurrencyMutateAbility(
     req: Request,
     res: Response,
     next: Function
-  ) {
+  ): Promise<Response|void> {
     const { tenantId } = req;
 
     try {

packages/server/src/api/controllers/Projects/Projects.ts

@@ -29,8 +29,7 @@ export class ProjectsController extends BaseController {
         check('cost_estimate').exists().isDecimal(),
       ],
       this.validationResult,
-      asyncMiddleware(this.createProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.createProject.bind(this))
     );
     router.post(
       '/:id',
@@ -43,8 +42,7 @@ export class ProjectsController extends BaseController {
         check('cost_estimate').exists().isDecimal(),
       ],
       this.validationResult,
-      asyncMiddleware(this.editProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.editProject.bind(this))
     );
     router.patch(
       '/:projectId/status',
@@ -56,16 +54,14 @@ export class ProjectsController extends BaseController {
           .isIn([IProjectStatus.InProgress, IProjectStatus.Closed]),
       ],
       this.validationResult,
-      asyncMiddleware(this.editProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.editProject.bind(this))
     );
     router.get(
       '/:id',
       CheckPolicies(ProjectAction.VIEW, AbilitySubject.Project),
       [param('id').exists().isInt().toInt()],
       this.validationResult,
-      asyncMiddleware(this.getProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.getProject.bind(this))
     );
     router.get(
       '/:projectId/billable/entries',
@@ -76,24 +72,21 @@ export class ProjectsController extends BaseController {
         query('to_date').optional().isISO8601(),
       ],
       this.validationResult,
-      asyncMiddleware(this.projectBillableEntries.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.projectBillableEntries.bind(this))
     );
     router.get(
       '/',
       CheckPolicies(ProjectAction.VIEW, AbilitySubject.Project),
       [],
       this.validationResult,
-      asyncMiddleware(this.getProjects.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.getProjects.bind(this))
     );
     router.delete(
       '/:id',
       CheckPolicies(ProjectAction.DELETE, AbilitySubject.Project),
       [param('id').exists().isInt().toInt()],
       this.validationResult,
-      asyncMiddleware(this.deleteProject.bind(this)),
-      this.catchServiceErrors
+      asyncMiddleware(this.deleteProject.bind(this))
     );
     return router;
   }
@@ -252,22 +245,4 @@ export class ProjectsController extends BaseController {
       next(error);
     }
   };
-
-  /**
-   * Transforms service errors to response.
-   * @param {Error}
-   * @param {Request} req
-   * @param {Response} res
-   * @param {ServiceError} error
-   */
-  private catchServiceErrors(
-    error,
-    req: Request,
-    res: Response,
-    next: NextFunction
-  ) {
-    if (error instanceof ServiceError) {
-    }
-    next(error);
-  }
 }

packages/server/src/api/controllers/Purchases/Bills.ts

@@ -100,8 +100,8 @@ export default class BillsController extends BaseController {
    */
   private get billValidationSchema() {
     return [
-      check('bill_number').exists().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('bill_number').exists().trim(),
+      check('reference_no').optional().trim(),
       check('bill_date').exists().isISO8601(),
       check('due_date').optional().isISO8601(),
 
@@ -112,13 +112,12 @@ export default class BillsController extends BaseController {
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('project_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('is_inclusive_tax').default(false).isBoolean().toBoolean(),
 
       check('entries').isArray({ min: 1 }),
-
       check('entries.*.index').exists().isNumeric().toInt(),
       check('entries.*.item_id').exists().isNumeric().toInt(),
       check('entries.*.rate').exists().isNumeric().toFloat(),
@@ -127,10 +126,7 @@ export default class BillsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.landed_cost')
         .optional({ nullable: true })
         .isBoolean()
@@ -142,12 +138,14 @@ export default class BillsController extends BaseController {
       check('entries.*.tax_code')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isString(),
       check('entries.*.tax_rate_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -156,8 +154,8 @@ export default class BillsController extends BaseController {
    */
   private get billEditValidationSchema() {
     return [
-      check('bill_number').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('bill_number').optional().trim(),
+      check('reference_no').optional().trim(),
       check('bill_date').exists().isISO8601(),
       check('due_date').optional().isISO8601(),
 
@@ -168,7 +166,7 @@ export default class BillsController extends BaseController {
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
       check('project_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('entries').isArray({ min: 1 }),
@@ -182,14 +180,14 @@ export default class BillsController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.landed_cost')
         .optional({ nullable: true })
         .isBoolean()
         .toBoolean(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -217,8 +215,8 @@ export default class BillsController extends BaseController {
 
   private get dueBillsListingValidationSchema() {
     return [
-      query('vendor_id').optional().trim().escape(),
-      query('payment_made_id').optional().trim().escape(),
+      query('vendor_id').optional().trim(),
+      query('payment_made_id').optional().trim(),
     ];
   }
 

packages/server/src/api/controllers/Purchases/BillsPayments.ts

@@ -111,17 +111,21 @@ export default class BillsPayments extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
+      check('amount').exists().isNumeric().toFloat(),
       check('payment_account_id').exists().isNumeric().toInt(),
-      check('payment_number').optional({ nullable: true }).trim().escape(),
+      check('payment_number').optional({ nullable: true }).trim(),
       check('payment_date').exists(),
-      check('statement').optional().trim().escape(),
-      check('reference').optional().trim().escape(),
+      check('statement').optional().trim(),
+      check('reference').optional().trim(),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('entries').exists().isArray({ min: 1 }),
+      check('entries').exists().isArray(),
       check('entries.*.index').optional().isNumeric().toInt(),
       check('entries.*.bill_id').exists().isNumeric().toInt(),
       check('entries.*.payment_amount').exists().isNumeric().toFloat(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Purchases/VendorCredit.ts

@@ -156,13 +156,10 @@ export default class VendorCreditController extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
-      check('vendor_credit_number')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
-      check('reference_no').optional().trim().escape(),
+      check('vendor_credit_number').optional({ nullable: true }).trim(),
+      check('reference_no').optional().trim(),
       check('vendor_credit_date').exists().isISO8601().toDate(),
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -178,14 +175,14 @@ export default class VendorCreditController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -199,13 +196,10 @@ export default class VendorCreditController extends BaseController {
       check('vendor_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
-      check('vendor_credit_number')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
-      check('reference_no').optional().trim().escape(),
+      check('vendor_credit_number').optional({ nullable: true }).trim(),
+      check('reference_no').optional().trim(),
       check('vendor_credit_date').exists().isISO8601().toDate(),
-      check('note').optional().trim().escape(),
+      check('note').optional().trim(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -220,14 +214,14 @@ export default class VendorCreditController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Resources.ts

@@ -18,9 +18,7 @@ export default class ResourceController extends BaseController {
 
     router.get(
       '/:resource_model/meta',
-      [
-        param('resource_model').exists().trim().escape()
-      ],
+      [param('resource_model').exists().trim()],
       this.asyncMiddleware(this.resourceMeta.bind(this)),
       this.handleServiceErrors
     );
@@ -48,9 +46,7 @@ export default class ResourceController extends BaseController {
         resourceModel
       );
       return res.status(200).send({
-        resource_meta: this.transfromToResponse(
-          resourceMeta,
-        ),
+        resource_meta: this.transfromToResponse(resourceMeta),
       });
     } catch (error) {
       next(error);

packages/server/src/api/controllers/Sales/CreditNotes.ts

@@ -210,9 +210,9 @@ export default class PaymentReceivesController extends BaseController {
 
       check('credit_note_date').exists().isISO8601().toDate(),
       check('reference_no').optional(),
-      check('credit_note_number').optional({ nullable: true }).trim().escape(),
-      check('note').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
+      check('credit_note_number').optional({ nullable: true }).trim(),
+      check('note').optional().trim(),
+      check('terms_conditions').optional().trim(),
       check('open').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -228,14 +228,14 @@ export default class PaymentReceivesController extends BaseController {
         .optional({ nullable: true })
         .isNumeric()
         .toFloat(),
-      check('entries.*.description')
-        .optional({ nullable: true })
-        .trim()
-        .escape(),
+      check('entries.*.description').optional({ nullable: true }).trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Sales/PaymentReceives.ts

@@ -150,20 +150,23 @@ export default class PaymentReceivesController extends BaseController {
       check('customer_id').exists().isNumeric().toInt(),
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
+      check('amount').exists().isNumeric().toFloat(),
       check('payment_date').exists(),
       check('reference_no').optional(),
       check('deposit_account_id').exists().isNumeric().toInt(),
-      check('payment_receive_no').optional({ nullable: true }).trim().escape(),
-      check('statement').optional().trim().escape(),
+      check('payment_receive_no').optional({ nullable: true }).trim(),
+      check('statement').optional().trim(),
 
       check('branch_id').optional({ nullable: true }).isNumeric().toInt(),
 
-      check('entries').isArray({ min: 1 }),
-
+      check('entries').isArray({}),
       check('entries.*.id').optional({ nullable: true }).isNumeric().toInt(),
       check('entries.*.index').optional().isNumeric().toInt(),
       check('entries.*.invoice_id').exists().isNumeric().toInt(),
       check('entries.*.payment_amount').exists().isNumeric().toFloat(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 
@@ -173,7 +176,6 @@ export default class PaymentReceivesController extends BaseController {
   private get validatePaymentReceiveList(): ValidationChain[] {
     return [
       query('stringified_filter_roles').optional().isJSON(),
-
       query('view_slug').optional({ nullable: true }).isString().trim(),
 
       query('column_sort_by').optional(),

packages/server/src/api/controllers/Sales/SalesEstimates.ts

@@ -155,7 +155,7 @@ export default class SalesEstimatesController extends BaseController {
       check('estimate_date').exists().isISO8601().toDate(),
       check('expiration_date').exists().isISO8601().toDate(),
       check('reference').optional(),
-      check('estimate_number').optional().trim().escape(),
+      check('estimate_number').optional().trim(),
       check('delivered').default(false).isBoolean().toBoolean(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
@@ -170,8 +170,7 @@ export default class SalesEstimatesController extends BaseController {
       check('entries.*.rate').exists().isNumeric().toFloat(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.discount')
         .optional({ nullable: true })
         .isNumeric()
@@ -181,9 +180,12 @@ export default class SalesEstimatesController extends BaseController {
         .isNumeric()
         .toInt(),
 
-      check('note').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
-      check('send_to_email').optional().trim().escape(),
+      check('note').optional().trim(),
+      check('terms_conditions').optional().trim(),
+      check('send_to_email').optional().trim(),
+
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Sales/SalesInvoices.ts

@@ -36,6 +36,8 @@ export default class SaleInvoicesController extends BaseController {
       [
         ...this.saleInvoiceValidationSchema,
         check('from_estimate_id').optional().isNumeric().toInt(),
+        check('attachments').isArray().optional(),
+        check('attachments.*.key').exists().isString(),
       ],
       this.validationResult,
       asyncMiddleware(this.newSaleInvoice.bind(this)),
@@ -98,6 +100,8 @@ export default class SaleInvoicesController extends BaseController {
       [
         ...this.saleInvoiceValidationSchema,
         ...this.specificSaleInvoiceValidation,
+        check('attachments').isArray().optional(),
+        check('attachments.*.key').exists().isString(),
       ],
       this.validationResult,
       asyncMiddleware(this.editSaleInvoice.bind(this)),
@@ -196,12 +200,12 @@ export default class SaleInvoicesController extends BaseController {
       check('customer_id').exists().isNumeric().toInt(),
       check('invoice_date').exists().isISO8601().toDate(),
       check('due_date').exists().isISO8601().toDate(),
-      check('invoice_no').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('invoice_no').optional().trim(),
+      check('reference_no').optional().trim(),
       check('delivered').default(false).isBoolean().toBoolean(),
 
-      check('invoice_message').optional().trim().escape(),
-      check('terms_conditions').optional().trim().escape(),
+      check('invoice_message').optional().trim(),
+      check('terms_conditions').optional().trim(),
 
       check('exchange_rate').optional().isFloat({ gt: 0 }).toFloat(),
 
@@ -222,12 +226,10 @@ export default class SaleInvoicesController extends BaseController {
         .toFloat(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.tax_code')
         .optional({ nullable: true })
         .trim()
-        .escape()
         .isString(),
       check('entries.*.tax_rate_id')
         .optional({ nullable: true })

packages/server/src/api/controllers/Sales/SalesReceipts.ts

@@ -130,8 +130,8 @@ export default class SalesReceiptsController extends BaseController {
 
       check('deposit_account_id').exists().isNumeric().toInt(),
       check('receipt_date').exists().isISO8601(),
-      check('receipt_number').optional().trim().escape(),
-      check('reference_no').optional().trim().escape(),
+      check('receipt_number').optional().trim(),
+      check('reference_no').optional().trim(),
       check('closed').default(false).isBoolean().toBoolean(),
 
       check('warehouse_id').optional({ nullable: true }).isNumeric().toInt(),
@@ -150,14 +150,15 @@ export default class SalesReceiptsController extends BaseController {
         .toInt(),
       check('entries.*.description')
         .optional({ nullable: true })
-        .trim()
-        .escape(),
+        .trim(),
       check('entries.*.warehouse_id')
         .optional({ nullable: true })
         .isNumeric()
         .toInt(),
-      check('receipt_message').optional().trim().escape(),
-      check('statement').optional().trim().escape(),
+      check('receipt_message').optional().trim(),
+      check('statement').optional().trim(),
+      check('attachments').isArray().optional(),
+      check('attachments.*.key').exists().isString(),
     ];
   }
 

packages/server/src/api/controllers/Settings/Settings.ts

@@ -52,10 +52,7 @@ export default class SettingsController extends BaseController {
    * Retrieve the application options from the storage.
    */
   private get getSettingsSchema() {
-    return [
-      query('key').optional().trim().escape(),
-      query('group').optional().trim().escape(),
-    ];
+    return [query('key').optional().trim(), query('group').optional().trim()];
   }
 
   /**

packages/server/src/api/controllers/Subscription/SubscriptionController.ts

@@ -8,6 +8,7 @@ import SubscriptionService from '@/services/Subscription/SubscriptionService';
 import asyncMiddleware from '@/api/middleware/asyncMiddleware';
 import BaseController from '../BaseController';
 import { LemonSqueezyService } from '@/services/Subscription/LemonSqueezyService';
+import { SubscriptionApplication } from '@/services/Subscription/SubscriptionApplication';
 
 @Service()
 export class SubscriptionController extends BaseController {
@@ -17,6 +18,9 @@ export class SubscriptionController extends BaseController {
   @Inject()
   private lemonSqueezyService: LemonSqueezyService;
 
+  @Inject()
+  private subscriptionApp: SubscriptionApplication;
+
   /**
    * Router constructor.
    */
@@ -33,6 +37,14 @@ export class SubscriptionController extends BaseController {
       this.validationResult,
       this.getCheckoutUrl.bind(this)
     );
+    router.post('/cancel', asyncMiddleware(this.cancelSubscription.bind(this)));
+    router.post('/resume', asyncMiddleware(this.resumeSubscription.bind(this)));
+    router.post(
+      '/change',
+      [body('variant_id').exists().trim()],
+      this.validationResult,
+      asyncMiddleware(this.changeSubscriptionPlan.bind(this))
+    );
     router.get('/', asyncMiddleware(this.getSubscriptions.bind(this)));
 
     return router;
@@ -85,4 +97,84 @@ export class SubscriptionController extends BaseController {
       next(error);
     }
   }
+
+  /**
+   * Cancels the subscription of the current organization.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response|null>}
+   */
+  private async cancelSubscription(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      await this.subscriptionApp.cancelSubscription(tenantId, '455610');
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The organization subscription has been canceled.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Resumes the subscription of the current organization.
+   * @param {Request} req 
+   * @param {Response} res 
+   * @param {NextFunction} next 
+   * @returns {Promise<Response | null>}
+   */
+  private async resumeSubscription(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+
+    try {
+      await this.subscriptionApp.resumeSubscription(tenantId);
+
+      return res.status(200).send({
+        status: 200,
+        message: 'The organization subscription has been resumed.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+
+  /**
+   * Changes the main subscription plan of the current organization.
+   * @param {Request} req
+   * @param {Response} res
+   * @param {NextFunction} next
+   * @returns {Promise<Response | null>}
+   */
+  public async changeSubscriptionPlan(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) {
+    const { tenantId } = req;
+    const body = this.matchedBodyData(req);
+
+    try {
+      await this.subscriptionApp.changeSubscriptionPlan(
+        tenantId,
+        body.variantId
+      );
+      return res.status(200).send({
+        message: 'The subscription plan has been changed.',
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
 }

packages/server/src/api/controllers/Users.ts

@@ -155,6 +155,7 @@ export default class UsersController extends BaseController {
 
     try {
       const user = await this.usersService.getUser(tenantId, userId);
+
       return res.status(200).send({ user });
     } catch (error) {
       next(error);
@@ -229,7 +230,7 @@ export default class UsersController extends BaseController {
    * @param {Response} res
    * @param {NextFunction} next
    */
-  catchServiceErrors(
+  private catchServiceErrors(
     error: Error,
     req: Request,
     res: Response,

packages/server/src/api/controllers/Views.ts

@@ -32,7 +32,7 @@ export default class ViewsController extends BaseController {
    * Custom views list validation schema.
    */
   get viewsListSchemaValidation() {
-    return [param('resource_model').exists().trim().escape()];
+    return [param('resource_model').exists().trim()];
   }
 
   /**

packages/server/src/api/controllers/Warehouses/index.ts

@@ -17,7 +17,7 @@ export class WarehousesController extends BaseController {
    *
    * @returns
    */
-  router() {
+  public router() {
     const router = Router();
 
     router.post(

packages/server/src/api/controllers/Webhooks/Webhooks.ts

@@ -1,7 +1,6 @@
-import { Router } from 'express';
-import { PlaidApplication } from '@/services/Banking/Plaid/PlaidApplication';
-import { Request, Response } from 'express';
+import { NextFunction, Router, Request, Response } from 'express';
 import { Inject, Service } from 'typedi';
+import { PlaidApplication } from '@/services/Banking/Plaid/PlaidApplication';
 import BaseController from '../BaseController';
 import { LemonSqueezyWebhooks } from '@/services/Subscription/LemonSqueezyWebhooks';
 import { PlaidWebhookTenantBootMiddleware } from '@/services/Banking/Plaid/PlaidWebhookTenantBootMiddleware';
@@ -34,14 +33,21 @@ export class Webhooks extends BaseController {
    * @param {Response} res
    * @returns {Response}
    */
-  public async lemonWebhooks(req: Request, res: Response) {
+  public async lemonWebhooks(req: Request, res: Response, next: NextFunction) {
     const data = req.body;
     const signature = req.headers['x-signature'] ?? '';
     const rawBody = req.rawBody;
 
-    await this.lemonWebhooksService.handlePostWebhook(rawBody, data, signature);
-
-    return res.status(200).send();
+    try {
+      await this.lemonWebhooksService.handlePostWebhook(
+        rawBody,
+        data,
+        signature
+      );
+      return res.status(200).send();
+    } catch (error) {
+      next(error);
+    }
   }
 
   /**
@@ -50,20 +56,25 @@ export class Webhooks extends BaseController {
    * @param {Response} res
    * @returns {Response}
    */
-  public async plaidWebhooks(req: Request, res: Response) {
+  public async plaidWebhooks(req: Request, res: Response, next: NextFunction) {
     const { tenantId } = req;
-    const {
-      webhook_type: webhookType,
-      webhook_code: webhookCode,
-      item_id: plaidItemId,
-    } = req.body;
 
-    await this.plaidApp.webhooks(
-      tenantId,
-      plaidItemId,
-      webhookType,
-      webhookCode
-    );
-    return res.status(200).send({ code: 200, message: 'ok' });
+    try {
+      const {
+        webhook_type: webhookType,
+        webhook_code: webhookCode,
+        item_id: plaidItemId,
+      } = req.body;
+
+      await this.plaidApp.webhooks(
+        tenantId,
+        plaidItemId,
+        webhookType,
+        webhookCode
+      );
+      return res.status(200).send({ code: 200, message: 'ok' });
+    } catch (error) {
+      next(error);
+    }
   }
 }

packages/server/src/api/exceptions/GlobalErrorException.ts

@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from 'express';
+
+/**
+ * Global error handler.
+ * @param {Error} err
+ * @param {Request} req
+ * @param {Response} res
+ * @param {NextFunction} next
+ */
+export function GlobalErrorException(
+  err: Error,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  console.error(err.stack);
+
+  res.status(500);
+  res.boom.badImplementation('', { stack: err.stack });
+}

packages/server/src/api/exceptions/ObjectionErrorException.ts

@@ -10,8 +10,14 @@ import {
   DataError,
 } from 'objection';
 
-// In this example `res` is an express response object.
-export default function ObjectionErrorHandlerMiddleware(
+/**
+ * Handles the Objection error exception.
+ * @param {Error} err
+ * @param {Request} req
+ * @param {Response} res
+ * @param {NextFunction} next
+ */
+export function ObjectionErrorException(
   err: Error,
   req: Request,
   res: Response,
@@ -108,6 +114,7 @@ export default function ObjectionErrorHandlerMiddleware(
       type: 'UnknownDatabaseError',
       data: {},
     });
+  } else {
+    next(err);
   }
-  next(err);
 }

packages/server/src/api/exceptions/ServiceErrorException.ts

@@ -0,0 +1,25 @@
+import { NextFunction, Request, Response } from 'express';
+import { ServiceError } from '@/exceptions';
+
+/**
+ * Handles service error exception.
+ * @param {Error | ServiceError} err
+ * @param {Request} req
+ * @param {Response} res
+ * @param {NextFunction} next
+ */
+export function ServiceErrorException(
+  err: Error | ServiceError,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  if (err instanceof ServiceError) {
+    res.boom.badRequest('', {
+      errors: [{ type: err.errorType, message: err.message }],
+      type: 'ServiceError',
+    });
+  } else {
+    next(err);
+  }
+}

packages/server/src/api/index.ts

@@ -61,6 +61,8 @@ import { TaxRatesController } from './controllers/TaxRates/TaxRates';
 import { ImportController } from './controllers/Import/ImportController';
 import { BankingController } from './controllers/Banking/BankingController';
 import { Webhooks } from './controllers/Webhooks/Webhooks';
+import { ExportController } from './controllers/Export/ExportController';
+import { AttachmentsController } from './controllers/Attachments/AttachmentsController';
 
 export default () => {
   const app = Router();
@@ -141,6 +143,8 @@ export default () => {
   dashboard.use('/projects', Container.get(ProjectsController).router());
   dashboard.use('/tax-rates', Container.get(TaxRatesController).router());
   dashboard.use('/import', Container.get(ImportController).router());
+  dashboard.use('/export', Container.get(ExportController).router());
+  dashboard.use('/attachments', Container.get(AttachmentsController).router());
 
   dashboard.use('/', Container.get(ProjectTasksController).router());
   dashboard.use('/', Container.get(ProjectTimesController).router());

packages/server/src/commands/bigcapital.ts

@@ -4,6 +4,7 @@ import color from 'colorette';
 import argv from 'getopts';
 import Knex from 'knex';
 import { knexSnakeCaseMappers } from 'objection';
+import { PromisePool } from '@supercharge/promise-pool';
 import '../before';
 import config from '../config';
 
@@ -28,7 +29,7 @@ function initSystemKnex() {
   });
 }
 
-function initTenantKnex(organizationId) {
+function initTenantKnex(organizationId: string = '') {
   return Knex({
     client: config.tenant.db_client,
     connection: {
@@ -71,6 +72,12 @@ function getAllSystemTenants(knex) {
   return knex('tenants');
 }
 
+function getAllInitializedTenants(knex) {
+  return knex('tenants').whereNotNull('initializedAt');
+}
+
+const MIGRATION_CONCURRENCY = 10;
+
 // module.exports = {
 //   log,
 //   success,
@@ -87,6 +94,7 @@ function getAllSystemTenants(knex) {
 // - bigcapital tenants:migrate:make
 // - bigcapital system:migrate:make
 // - bigcapital tenants:list
+// - bigcapital tenants:list --all
 
 commander
   .command('system:migrate:rollback')
@@ -145,10 +153,13 @@ commander
 commander
   .command('tenants:list')
   .description('Retrieve a list of all system tenants databases.')
+  .option('-a, --all', 'All tenants even are not initialized.')
   .action(async (cmd) => {
     try {
       const sysKnex = await initSystemKnex();
-      const tenants = await getAllSystemTenants(sysKnex);
+      const tenants = cmd?.all
+        ? await getAllSystemTenants(sysKnex)
+        : await getAllInitializedTenants(sysKnex);
 
       tenants.forEach((tenant) => {
         const dbName = `${config.tenant.db_name_prefix}${tenant.organizationId}`;
@@ -179,18 +190,20 @@ commander
 commander
   .command('tenants:migrate:latest')
   .description('Migrate all tenants or the given tenant id.')
-  .option('-t, --tenant_id [tenant_id]', 'Which tenant id do you migrate.')
+  .option(
+    '-t, --tenant_id [tenant_id]',
+    'Which organization id do you migrate.'
+  )
   .action(async (cmd) => {
     try {
       const sysKnex = await initSystemKnex();
-      const tenants = await getAllSystemTenants(sysKnex);
+      const tenants = await getAllInitializedTenants(sysKnex);
       const tenantsOrgsIds = tenants.map((tenant) => tenant.organizationId);
 
       if (cmd.tenant_id && tenantsOrgsIds.indexOf(cmd.tenant_id) === -1) {
         exit(`The given tenant id ${cmd.tenant_id} is not exists.`);
       }
       // Validate the tenant id exist first of all.
-      const migrateOpers = [];
       const migrateTenant = async (organizationId) => {
         try {
           const tenantKnex = await initTenantKnex(organizationId);
@@ -212,18 +225,17 @@ commander
         }
       };
       if (!cmd.tenant_id) {
-        tenants.forEach((tenant) => {
-          const oper = migrateTenant(tenant.organizationId);
-          migrateOpers.push(oper);
-        });
+        await PromisePool.withConcurrency(MIGRATION_CONCURRENCY)
+          .for(tenants)
+          .process((tenant, index, pool) => {
+            return migrateTenant(tenant.organizationId);
+          })
+          .then(() => {
+            success('All tenants are migrated.');
+          });
       } else {
-        const oper = migrateTenant(cmd.tenant_id);
-        migrateOpers.push(oper);
+        await migrateTenant(cmd.tenant_id);
       }
-
-      Promise.all(migrateOpers).then(() => {
-        success('All tenants are migrated.');
-      });
     } catch (error) {
       exit(error);
     }
@@ -232,19 +244,21 @@ commander
 commander
   .command('tenants:migrate:rollback')
   .description('Rollback the last batch of tenants migrations.')
-  .option('-t, --tenant_id [tenant_id]', 'Which tenant id do you migrate.')
+  .option(
+    '-t, --tenant_id [tenant_id]',
+    'Which organization id do you migrate.'
+  )
   .action(async (cmd) => {
     try {
       const sysKnex = await initSystemKnex();
-      const tenants = await getAllSystemTenants(sysKnex);
+      const tenants = await getAllInitializedTenants(sysKnex);
       const tenantsOrgsIds = tenants.map((tenant) => tenant.organizationId);
 
       if (cmd.tenant_id && tenantsOrgsIds.indexOf(cmd.tenant_id) === -1) {
         exit(`The given tenant id ${cmd.tenant_id} is not exists.`);
       }
 
-      const migrateOpers = [];
-      const migrateTenant = async (organizationId) => {
+      const migrateTenant = async (organizationId: string) => {
         try {
           const tenantKnex = await initTenantKnex(organizationId);
           const [batchNo, _log] = await tenantKnex.migrate.rollback();
@@ -265,19 +279,18 @@ commander
       };
 
       if (!cmd.tenant_id) {
-        tenants.forEach((tenant) => {
-          const oper = migrateTenant(tenant.organizationId);
-          migrateOpers.push(oper);
-        });
+        await PromisePool.withConcurrency(MIGRATION_CONCURRENCY)
+          .for(tenants)
+          .process((tenant, index, pool) => {
+            return migrateTenant(tenant.organizationId);
+          })
+          .then(() => {
+            success('All tenants are rollbacked.');
+          });
       } else {
-        const oper = migrateTenant(cmd.tenant_id);
-        migrateOpers.push(oper);
+        await migrateTenant(cmd.tenant_id);
       }
-      Promise.all(migrateOpers).then(() => {
-        success('All tenants are rollbacked.');
-      });
     } catch (error) {
       exit(error);
     }
   });
-

packages/server/src/config/index.ts

@@ -153,6 +153,16 @@ module.exports = {
     ),
   },
 
+  /**
+   * Sign-up email confirmation
+   */
+  signupConfirmation: {
+    enabled: parseBoolean<boolean>(
+      process.env.SIGNUP_EMAIL_CONFIRMATION,
+      false
+    ),
+  },
+
   /**
    * Puppeteer remote browserless connection.
    */
@@ -194,10 +204,7 @@ module.exports = {
   plaid: {
     env: process.env.PLAID_ENV || 'sandbox',
     clientId: process.env.PLAID_CLIENT_ID,
-    secretDevelopment: process.env.PLAID_SECRET_DEVELOPMENT,
-    secretSandbox: process.env.PLAID_SECRET_SANDBOX,
-    redirectSandBox: process.env.PLAID_SANDBOX_REDIRECT_URI,
-    redirectDevelopment: process.env.PLAID_DEVELOPMENT_REDIRECT_URI,
+    secret: process.env.PLAID_SECRET,
     linkWebhook: process.env.PLAID_LINK_WEBHOOK,
   },
 
@@ -208,6 +215,7 @@ module.exports = {
     key: process.env.LEMONSQUEEZY_API_KEY,
     storeId: process.env.LEMONSQUEEZY_STORE_ID,
     webhookSecret: process.env.LEMONSQUEEZY_WEBHOOK_SECRET,
+    redirectTo: `${process.env.BASE_URL}/setup`,
   },
 
   /**
@@ -218,4 +226,23 @@ module.exports = {
     defaultTo(process.env.HOSTED_ON_BIGCAPITAL_CLOUD, false),
     false
   ),
+
+  /**
+   * S3 for documents.
+   */
+  s3: {
+    region: process.env.S3_REGION,
+    accessKeyId: process.env.S3_ACCESS_KEY_ID,
+    secretAccessKey: process.env.S3_SECRET_ACCESS_KEY,
+    endpoint: process.env.S3_ENDPOINT,
+    bucket: process.env.S3_BUCKET || 'bigcapital-documents',
+    forcePathStyle: parseBoolean(
+      defaultTo(process.env.S3_FORCE_PATH_STYLE, false),
+      false
+    ),
+  },
+
+  loops: {
+    apiKey: process.env.LOOPS_API_KEY,
+  },
 };

packages/server/src/data/TransactionTypes.ts

@@ -1,7 +1,16 @@
+export const CashflowTransactionTypes = {
+  OtherIncome: 'Other income',
+  OtherExpense: 'Other expense',
+  OwnerDrawing: 'Owner drawing',
+  OwnerContribution: 'Owner contribution',
+  TransferToAccount: 'Transfer to account',
+  TransferFromAccount: 'Transfer from account',
+};
+
 export const TransactionTypes = {
   SaleInvoice: 'Sale invoice',
   SaleReceipt: 'Sale receipt',
-  PaymentReceive: 'Payment receive',
+  PaymentReceive: 'Payment received',
   Bill: 'Bill',
   BillPayment: 'Payment made',
   VendorOpeningBalance: 'Vendor opening balance',
@@ -17,12 +26,10 @@ export const TransactionTypes = {
   OtherExpense: 'Other expense',
   OwnerDrawing: 'Owner drawing',
   InvoiceWriteOff: 'Invoice write-off',
-
   CreditNote: 'transaction_type.credit_note',
   VendorCredit: 'transaction_type.vendor_credit',
-
   RefundCreditNote: 'transaction_type.refund_credit_note',
   RefundVendorCredit: 'transaction_type.refund_vendor_credit',
-
   LandedCost: 'transaction_type.landed_cost',
+  CashflowTransaction: CashflowTransactionTypes,
 };

packages/server/src/database/migrations/20231108170207_create_storage_table.js

@@ -11,4 +11,4 @@ exports.up = function (knex) {
 
 exports.down = function (knex) {
   return knex.schema.dropTableIfExists('storage');
-};
+};

packages/server/src/database/migrations/20240604153938_drop_storage_table.js

@@ -0,0 +1,5 @@
+exports.up = function (knex) {
+  return knex.schema.dropTableIfExists('storage');
+};
+
+exports.down = function (knex) {};

packages/server/src/database/migrations/20240604153951_create_documents_table.js

@@ -0,0 +1,14 @@
+exports.up = function (knex) {
+  return knex.schema.createTable('documents', (table) => {
+    table.increments('id').primary();
+    table.string('key').notNullable();
+    table.string('mime_type').notNullable();
+    table.integer('size').unsigned();
+    table.string('origin_name');
+    table.timestamps();
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.dropTableIfExists('documents');
+};

packages/server/src/database/migrations/20240604154005_create_documents_links_table.js

@@ -0,0 +1,14 @@
+exports.up = function (knex) {
+  return knex.schema.createTable('document_links', (table) => {
+    table.increments('id').primary();
+    table.string('model_ref').notNullable();
+    table.string('model_id').notNullable();
+    table.integer('document_id').unsigned();
+    table.datetime('expires_at').nullable();
+    table.timestamps();
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.dropTableIfExists('document_links');
+};

packages/server/src/database/migrations/20240618100137_create_bank_rules_table.js

@@ -0,0 +1,45 @@
+exports.up = function (knex) {
+  return knex.schema
+    .createTable('bank_rules', (table) => {
+      table.increments('id').primary();
+      table.string('name');
+      table.integer('order').unsigned();
+
+      table
+        .integer('apply_if_account_id')
+        .unsigned()
+        .references('id')
+        .inTable('accounts');
+      table.string('apply_if_transaction_type');
+
+      table.string('assign_category');
+      table
+        .integer('assign_account_id')
+        .unsigned()
+        .references('id')
+        .inTable('accounts');
+      table.string('assign_payee');
+      table.string('assign_memo');
+
+      table.string('conditions_type');
+
+      table.timestamps();
+    })
+    .createTable('bank_rule_conditions', (table) => {
+      table.increments('id').primary();
+      table
+        .integer('rule_id')
+        .unsigned()
+        .references('id')
+        .inTable('bank_rules');
+      table.string('field');
+      table.string('comparator');
+      table.string('value');
+    });
+};
+
+exports.down = function (knex) {
+  return knex.schema
+    .dropTableIfExists('bank_rules')
+    .dropTableIfExists('bank_rule_conditions');
+};

packages/server/src/database/migrations/20240618171553_create_recognized_bank_transactions_table.js

@@ -0,0 +1,31 @@
+exports.up = function (knex) {
+  return knex.schema.createTable('recognized_bank_transactions', (table) => {
+    table.increments('id');
+    table
+      .integer('uncategorized_transaction_id')
+      .unsigned()
+      .references('id')
+      .inTable('uncategorized_cashflow_transactions')
+      .withKeyName('recognizedBankTransactionsUncategorizedTransIdForeign');
+    table
+      .integer('bank_rule_id')
+      .unsigned()
+      .references('id')
+      .inTable('bank_rules');
+
+    table.string('assigned_category');
+    table
+      .integer('assigned_account_id')
+      .unsigned()
+      .references('id')
+      .inTable('accounts');
+    table.string('assigned_payee');
+    table.string('assigned_memo');
+
+    table.timestamps();
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.dropTableIfExists('recognized_bank_transactions');
+};

packages/server/src/database/migrations/20240618175241_add_recognized_transaction_id_to_uncategorized_transactins_table.js

@@ -0,0 +1,16 @@
+exports.up = function (knex) {
+  return knex.schema.table('uncategorized_cashflow_transactions', (table) => {
+    table
+      .integer('recognized_transaction_id')
+      .unsigned()
+      .references('id')
+      .inTable('recognized_bank_transactions')
+      .withKeyName('uncategorizedCashflowTransRecognizedTranIdForeign');
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.table('uncategorized_cashflow_transactions', (table) => {
+    table.dropColumn('recognized_transaction_id');
+  });
+};

packages/server/src/database/migrations/20240619133733_create_matched_bank_transactions_table.js

@@ -0,0 +1,18 @@
+exports.up = function (knex) {
+  return knex.schema.createTable('matched_bank_transactions', (table) => {
+    table.increments('id');
+    table
+      .integer('uncategorized_transaction_id')
+      .unsigned()
+      .references('id')
+      .inTable('uncategorized_cashflow_transactions');
+    table.string('reference_type');
+    table.integer('reference_id').unsigned();
+    table.decimal('amount');
+    table.timestamps();
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.dropTableIfExists('matched_bank_transactions');
+};

packages/server/src/database/migrations/20240620111308_add_excluded_column_to_uncategorized_cashflow_transactions_table.js

@@ -0,0 +1,11 @@
+exports.up = function (knex) {
+  return knex.schema.table('uncategorized_cashflow_transactions', (table) => {
+    table.datetime('excluded_at');
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.table('uncategorized_cashflow_transactions', (table) => {
+    table.dropColumn('excluded_at');
+  });
+};

packages/server/src/database/migrations/20240623154149_add_batch_column_to_uncategorized_cashflow_transactions_table.js

@@ -0,0 +1,11 @@
+exports.up = function (knex) {
+  return knex.schema.table('uncategorized_cashflow_transactions', (table) => {
+    table.string('batch');
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.table('uncategorized_cashflow_transactions', (table) => {
+    table.dropColumn('batch');
+  });
+};

packages/server/src/database/migrations/20240704064858_change_settings_value_to_text.js

@@ -0,0 +1,11 @@
+exports.up = function (knex) {
+  return knex.schema.table('settings', (table) => {
+    table.text('value').alter();
+  });
+};
+
+exports.down = (knex) => {
+  return knex.schema.table('settings', (table) => {
+    table.string('value').alter();
+  });
+};

packages/server/src/database/migrations/20240709122347_move_cashflow_transaction_type_to_transaction_type_column.js

@@ -0,0 +1,60 @@
+exports.up = function (knex) {
+  return knex('accounts_transactions')
+    .whereIn('referenceType', [
+      'OtherIncome',
+      'OtherExpense',
+      'OwnerDrawing',
+      'OwnerContribution',
+      'TransferToAccount',
+      'TransferFromAccount',
+    ])
+    .update({
+      transactionType: knex.raw(`
+        CASE 
+          WHEN REFERENCE_TYPE = 'OtherIncome' THEN 'OtherIncome'
+          WHEN REFERENCE_TYPE = 'OtherExpense' THEN 'OtherExpense'
+          WHEN REFERENCE_TYPE = 'OwnerDrawing' THEN 'OwnerDrawing'
+          WHEN REFERENCE_TYPE = 'OwnerContribution' THEN 'OwnerContribution'
+          WHEN REFERENCE_TYPE = 'TransferToAccount' THEN 'TransferToAccount'
+          WHEN REFERENCE_TYPE = 'TransferFromAccount' THEN 'TransferFromAccount'
+        END
+      `),
+      referenceType: knex.raw(`
+        CASE 
+          WHEN REFERENCE_TYPE IN ('OtherIncome', 'OtherExpense', 'OwnerDrawing', 'OwnerContribution', 'TransferToAccount', 'TransferFromAccount') THEN 'CashflowTransaction'
+          ELSE REFERENCE_TYPE
+        END
+      `),
+    });
+};
+
+exports.down = function (knex) {
+  return knex('accounts_transactions')
+    .whereIn('transactionType', [
+      'OtherIncome',
+      'OtherExpense',
+      'OwnerDrawing',
+      'OwnerContribution',
+      'TransferToAccount',
+      'TransferFromAccount',
+    ])
+    .update({
+      referenceType: knex.raw(`
+      CASE 
+        WHEN TRANSACTION_TYPE = 'OtherIncome' THEN 'OtherIncome'
+        WHEN TRANSACTION_TYPE = 'OtherExpense' THEN 'OtherExpense'
+        WHEN TRANSACTION_TYPE = 'OwnerDrawing' THEN 'OwnerDrawing'
+        WHEN TRANSACTION_TYPE = 'OwnerContribution' THEN 'OwnerContribution'
+        WHEN TRANSACTION_TYPE = 'TransferToAccount' THEN 'TransferToAccount'
+        WHEN TRANSACTION_TYPE = 'TransferFromAccount' THEN 'TransferFromAccount'
+        ELSE REFERENCE_TYPE
+      END
+    `),
+      transactionType: knex.raw(`
+      CASE 
+        WHEN TRANSACTION_TYPE IN ('OtherIncome', 'OtherExpense', 'OwnerDrawing', 'OwnerContribution', 'TransferToAccount', 'TransferFromAccount') THEN NULL
+        ELSE TRANSACTION_TYPE
+      END
+    `),
+    });
+};

packages/server/src/database/migrations/20240716114732_add_plaid_item_id_to_accounts_table.js

@@ -0,0 +1,11 @@
+exports.up = function (knex) {
+  return knex.schema.table('accounts', (table) => {
+    table.string('plaid_item_id').nullable();
+  });
+};
+
+exports.down = function (knex) {
+  return knex.schema.table('accounts', (table) => {
+    table.dropColumn('plaid_item_id');
+  });
+};

packages/server/src/database/migrations/20240729172403_add_is_syncing_owner_to_accounts_table.js

@@ -0,0 +1,19 @@
+exports.up = function (knex) {
+  return knex.schema
+    .table('accounts', (table) => {
+      table
+        .boolean('is_syncing_owner')
+        .defaultTo(false)
+        .after('is_feeds_active');
+    })
+    .then(() => {
+      return knex('accounts')
+        .whereNotNull('plaid_item_id')
+        .orWhereNotNull('plaid_account_id')
+        .update('is_syncing_owner', true);
+    });
+};
+
+exports.down = function (knex) {
+  table.dropColumn('is_syncing_owner');
+};

packages/server/src/database/migrations/20240801130829_change_tax_amount_withheld_column_precision_in_bills_and_sales_invoices_tables.js

@@ -0,0 +1,18 @@
+// This migration changes the precision of the tax_amount_withheld column in the bills and sales_invoices tables from 8, 2 to 13, 2.
+// This migration is necessary to allow tax_amount_withheld filed to store values bigger than 999,999.99.
+
+exports.up = function(knex) {
+  return knex.schema.alterTable('bills', function (table) {
+    table.decimal('tax_amount_withheld', 13, 2).alter();
+  }).alterTable('sales_invoices', function (table) {
+    table.decimal('tax_amount_withheld', 13, 2).alter();
+  });
+};
+
+exports.down = function(knex) {
+  return knex.schema.alterTable('bills', function (table) {
+    table.decimal('tax_amount_withheld', 8, 2).alter();
+  }).alterTable('sales_invoices', function (table) {
+    table.decimal('tax_amount_withheld', 8, 2).alter();
+  });
+};