CS160 Online Banking

1. Env (.env)

• DATABASE_URL
• DIRECT_URL
• NEXT_PUBLIC_SUPABASE_URL
• NEXT_PUBLIC_SUPABASE_ANON_KEY
• SUPABASE_SERVICE_ROLE_KEY
• GROQ_API_KEY

2. Install

pnpm install

3. DB migrate + seed

pnpm prisma migrate reset --skip-seed
pnpm seed

4. Run

pnpm dev

5. Tests

pnpm test
# watch mode
pnpm test:watch

Tests can also be run in a Docker container:

docker compose build

pnpm run test:docker

6. Lint & Format

pnpm lint
pnpm format:fix

7. API Documentation

View docs: http://localhost:3000/api-doc (dev only)

Add docs to new routes:

/**
 * @swagger
 * /api/your-route:
 *   get:
 *     summary: Brief description
 *     tags: [YourTag]
 *     security:
 *       - BearerAuth: []
 *     responses:
 *       200:
 *         description: Success response
 */
export async function GET(request: Request) {
  // your code
}

Seeded logins (for local testing):

• manager@example.com / Password123!
• ava@example.com / Password123!
• liam@example.com / Password123!

8. Google Maps API Key Setup

To use the ATM locator feature, you need to set up a Google Maps API key:

1. Go to the Google Cloud Console
2. Create a new project or select an existing one
3. Enable the following APIs:
   • Maps JavaScript API
   • Places API
   • Geocoding API
4. Go to "Credentials" and create an API key
5. Restrict the API key:
   • Under "Application restrictions", select "HTTP referrers" and add your domain(s)
   • Under "API restrictions", select "Restrict key" and choose the APIs you enabled
6. Add the API key to your .env.local file:

   NEXT_PUBLIC_GOOGLE_MAPS_API_KEY=your_api_key_here
   

Important: The API key is used for both server-side API calls and client-side map rendering. Make sure to restrict the API key by domain and specific APIs for security.

9. Groq API Key Setup

To use the check deposit feature, you need to set up a Groq API key:

1. Go to Groq Console
2. Sign up or log in to your account
3. Navigate to "API Keys" section
4. Create a new API key
5. Add the API key to your .env or .env.local file:

   GROQ_API_KEY=your_groq_api_key_here
   

The Groq API key is used server-side only for processing check images using the Vision API.

10. Supabase Storage Setup

To use the check deposit feature, you need to create a storage bucket in Supabase:

Option 1: Using the setup script (Recommended)

pnpm tsx scripts/setup-storage.ts

Option 2: Manual setup via Supabase Dashboard

1. Go to your Supabase Dashboard
2. Navigate to Storage
3. Click "Create bucket"
4. Name it checks
5. Make it public (for now, or configure RLS policies if you want private access)
6. Set allowed MIME types: image/jpeg, image/jpg, image/png, image/webp
7. Set file size limit: 4194304 (4MB)

Optional: Set up RLS Policies If you want to restrict access so users can only access their own check images:

1. Go to Storage > Policies for the checks bucket

2. Add policies for authenticated users to upload/read files in their own folder ({auth.uid()}/*)

3. API Key Transactions

The API supports making credit (deposit) and debit (withdrawal) transactions using API keys. These endpoints use the access_token query parameter for authentication (no JWT required).

Deposit (Credit) Transaction:

curl -X POST "http://localhost:3000/api/api-keys/transactions?access_token=YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "transaction_type": "credit",
    "amount": 100.50
  }'

Withdrawal (Debit) Transaction:

curl -X POST "http://localhost:3000/api/api-keys/transactions?access_token=YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "transaction_type": "debit",
    "amount": 50.00
  }'

Notes:

• Replace YOUR_API_KEY_HERE with your actual API key (format: cs_160...)
• Amounts are in dollars with up to 2 decimal places (e.g., 100.50 for $100.50, or 100 for $100.00)
• The API key must be generated via /api/api-keys/generate endpoint (requires JWT)
• Transactions are idempotent - duplicate requests with the same idempotency key will return the original transaction