From ad92f6f9dda847d5dd0cdd4993a69190bfdf8f3f Mon Sep 17 00:00:00 2001
From: andrewlalis <andrewlalisofficial@gmail.com>
Date: Fri, 24 Oct 2025 10:34:20 -0400
Subject: [PATCH] Add internal transfer label, convert to filters for request
 handling.

---
 finnow-api/source/api_mapping.d       | 54 ++++++++++++---
 web-app/src/pages/TransactionPage.vue | 96 +++++++--------------------
 2 files changed, 68 insertions(+), 82 deletions(-)

diff --git a/finnow-api/source/api_mapping.d b/finnow-api/source/api_mapping.d
index 02ce249..9f6301b 100644
--- a/finnow-api/source/api_mapping.d
+++ b/finnow-api/source/api_mapping.d
@@ -3,6 +3,7 @@ module api_mapping;
 import handy_http_primitives;
 import handy_http_handlers.path_handler;
 import handy_http_handlers.filtered_handler;
+import slf4d;
 
 /// The base path to all API endpoints.
 private const API_PATH = "/api";
@@ -101,7 +102,15 @@ HttpRequestHandler mapApiHandlers(string webOrigin) {
 			a
 	));
 
-	return new CorsHandler(h, webOrigin);
+	// Build the main handler into a filter chain:
+	return new FilteredHandler(
+		[
+			cast(HttpRequestFilter) new CorsFilter(webOrigin),
+			cast(HttpRequestFilter) new ContentLengthFilter(),
+			cast(HttpRequestFilter) new ExceptionHandlingFilter()
+		],
+		h
+	);
 }
 
 private void getStatus(ref ServerHttpRequest request, ref ServerHttpResponse response) {
@@ -136,26 +145,53 @@ private void map(
 	handler.addMapping(method, API_PATH ~ subPath, HttpRequestHandler.of(fn));
 }
 
-private class CorsHandler : HttpRequestHandler {
-	private HttpRequestHandler handler;
+private class CorsFilter : HttpRequestFilter {
 	private string webOrigin;
 
-	this(HttpRequestHandler handler, string webOrigin) {
-		this.handler = handler;
+	this(string webOrigin) {
 		this.webOrigin = webOrigin;
 	}
-
-	void handle(ref ServerHttpRequest request, ref ServerHttpResponse response) {
+	
+	void doFilter(ref ServerHttpRequest request, ref ServerHttpResponse response, FilterChain filterChain) {
 		response.headers.add("Access-Control-Allow-Origin", webOrigin);
 		response.headers.add("Access-Control-Allow-Methods", "*");
 		response.headers.add("Access-Control-Allow-Headers", "Authorization, Content-Type");
+		filterChain.doFilter(request, response);
+	}
+}
+
+private class ContentLengthFilter : HttpRequestFilter {
+	const MAX_LENGTH = 1024 * 1024 * 20; // 2MB limit
+
+	void doFilter(ref ServerHttpRequest request, ref ServerHttpResponse response, FilterChain filterChain) {
+		if ("Content-Length" in request.headers) {
+			ulong contentLength = request.getHeaderAs!ulong("Content-Length");
+			if (contentLength > MAX_LENGTH) {
+				warnF!"Received request with content length of %d, larger than max allowed %d bytes."(
+					contentLength,
+					MAX_LENGTH
+				);
+				import std.conv;
+				response.status = HttpStatus.PAYLOAD_TOO_LARGE;
+				response.writeBodyString(
+					"Request body is too large. Must be at most " ~ MAX_LENGTH.to!string ~ " bytes."
+				);
+				return; // Don't propagate the filter.
+			}
+		}
+
+		filterChain.doFilter(request, response);
+	}
+}
+
+private class ExceptionHandlingFilter : HttpRequestFilter {
+	void doFilter(ref ServerHttpRequest request, ref ServerHttpResponse response, FilterChain filterChain) {
 		try {
-			this.handler.handle(request, response);
+			filterChain.doFilter(request, response);
 		} catch (HttpStatusException e) {
 			response.status = e.status;
 			response.writeBodyString(e.message.idup);
 		} catch (Exception e) {
-			import slf4d;
 			error(e);
 			response.status = HttpStatus.INTERNAL_SERVER_ERROR;
 			response.writeBodyString("An error occurred: " ~ e.msg);
diff --git a/web-app/src/pages/TransactionPage.vue b/web-app/src/pages/TransactionPage.vue
index d8a1dd8..fd9cc22 100644
--- a/web-app/src/pages/TransactionPage.vue
+++ b/web-app/src/pages/TransactionPage.vue
@@ -87,58 +87,34 @@ async function deleteTransaction() {
 }
 </script>
 <template>
-  <AppPage
-    :title="'Transaction ' + transaction.id"
-    v-if="transaction"
-  >
+  <AppPage :title="'Transaction ' + transaction.id" v-if="transaction">
     <!-- Top-row with some badges for amount, vendor, and category. -->
     <div>
-      <AppBadge
-        size="lg"
-        class="font-mono"
-      >
+      <AppBadge size="lg" class="font-mono">
         {{ transaction.currency.code }} {{ formatMoney(transaction.amount, transaction.currency) }}
       </AppBadge>
-      <AppBadge
-        size="md"
-        v-if="transaction.vendor"
-      >
+      <AppBadge size="md" v-if="transaction.vendor">
         {{ transaction.vendor.name }}
       </AppBadge>
-      <CategoryLabel
-        v-if="transaction.category"
-        :category="transaction.category"
-        :clickable="true"
-      />
+      <CategoryLabel v-if="transaction.category" :category="transaction.category" :clickable="true" />
+      <AppBadge size="sm" v-if="transaction.internalTransfer">
+        <font-awesome-icon icon="fa-rotate"></font-awesome-icon>
+        Internal Transfer
+      </AppBadge>
     </div>
     <!-- Second row that lists all tags. -->
-    <div
-      v-if="transaction.tags.length > 0"
-      class="mt-1"
-    >
-      <TagLabel
-        v-for="t in transaction.tags"
-        :key="t"
-        :tag="t"
-      />
+    <div v-if="transaction.tags.length > 0" class="mt-1">
+      <TagLabel v-for="t in transaction.tags" :key="t" :tag="t" />
     </div>
 
     <p>{{ transaction.description }}</p>
 
-    <div
-      v-if="transaction.creditedAccount"
-      class="my-1"
-    >
+    <div v-if="transaction.creditedAccount" class="my-1">
       <strong class="text-negative">Credited</strong> from
-      <RouterLink
-        :to="`/profiles/${getSelectedProfile(route)}/accounts/${transaction.creditedAccount.id}`"
-      >
+      <RouterLink :to="`/profiles/${getSelectedProfile(route)}/accounts/${transaction.creditedAccount.id}`">
         {{ transaction.creditedAccount.name }} (#{{ transaction.creditedAccount.numberSuffix }})
       </RouterLink>
-      <div
-        v-if="creditedAccountBalanceDiff"
-        class="font-size-xsmall"
-      >
+      <div v-if="creditedAccountBalanceDiff" class="font-size-xsmall">
         Balance Before:
         <span class="font-mono">
           {{ formatMoney(creditedAccountBalanceDiff.before, transaction.currency) }}
@@ -150,20 +126,12 @@ async function deleteTransaction() {
       </div>
     </div>
 
-    <div
-      v-if="transaction.debitedAccount"
-      class="my-1"
-    >
+    <div v-if="transaction.debitedAccount" class="my-1">
       <strong class="text-positive">Debited</strong> to
-      <RouterLink
-        :to="`/profiles/${getSelectedProfile(route)}/accounts/${transaction.debitedAccount.id}`"
-      >
+      <RouterLink :to="`/profiles/${getSelectedProfile(route)}/accounts/${transaction.debitedAccount.id}`">
         {{ transaction.debitedAccount.name }} (#{{ transaction.debitedAccount.numberSuffix }})
       </RouterLink>
-      <div
-        v-if="debitedAccountBalanceDiff"
-        class="font-size-xsmall"
-      >
+      <div v-if="debitedAccountBalanceDiff" class="font-size-xsmall">
         Balance Before:
         <span class="font-mono">
           {{ formatMoney(debitedAccountBalanceDiff.before, transaction.currency) }}
@@ -189,39 +157,21 @@ async function deleteTransaction() {
 
     <div v-if="transaction.lineItems.length > 0">
       <h3>Line Items</h3>
-      <LineItemCard
-        v-for="item of transaction.lineItems"
-        :key="item.idx"
-        :line-item="item"
-        :currency="transaction.currency"
-        :total-count="transaction.lineItems.length"
-        :editable="false"
-      />
+      <LineItemCard v-for="item of transaction.lineItems" :key="item.idx" :line-item="item"
+        :currency="transaction.currency" :total-count="transaction.lineItems.length" :editable="false" />
     </div>
 
     <div v-if="transaction.attachments.length > 0">
       <h3>Attachments</h3>
-      <AttachmentRow
-        v-for="a in transaction.attachments"
-        :attachment="a"
-        :key="a.id"
-        disabled
-      />
+      <AttachmentRow v-for="a in transaction.attachments" :attachment="a" :key="a.id" disabled />
     </div>
     <ButtonBar>
-      <AppButton
-        icon="wrench"
-        @click="
-          router.push(`/profiles/${getSelectedProfile(route)}/transactions/${transaction.id}/edit`)
-        "
-      >
+      <AppButton icon="wrench" @click="
+        router.push(`/profiles/${getSelectedProfile(route)}/transactions/${transaction.id}/edit`)
+        ">
         Edit
       </AppButton>
-      <AppButton
-        icon="trash"
-        @click="deleteTransaction()"
-        >Delete</AppButton
-      >
+      <AppButton icon="trash" @click="deleteTransaction()">Delete</AppButton>
     </ButtonBar>
   </AppPage>
 </template>