Add budget module: FastAPI backend + React frontend

Backend: FastAPI + PostgreSQL with models for accounts, transactions,
and categories. Auto-categorization from merchant patterns, token auth,
CRUD endpoints, and seed data for 16 categories and 4 bank accounts.

Frontend: Login, Dashboard (account balances + recent charges),
Transactions (full CRUD table with search/filter), Cash & Transfers
view. Dark theme with emerald/cyan accents, responsive layout.

Infrastructure: Updated docker-compose for backend + db services,
nginx proxy config for API routing, deploy workflow with secrets.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/app/api/v1/endpoints/accounts.py

@@ -0,0 +1,51 @@
+from datetime import datetime
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlmodel import Session, select
+
+from app.auth import get_current_user
+from app.db import get_session
+from app.models.models import Account, AccountCreate, AccountRead, AccountUpdate
+
+router = APIRouter(prefix="/accounts", tags=["accounts"])
+
+
+@router.get("/", response_model=list[AccountRead])
+def list_accounts(
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    return session.exec(select(Account)).all()
+
+
+@router.post("/", response_model=AccountRead, status_code=201)
+def create_account(
+    data: AccountCreate,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    account = Account.model_validate(data)
+    session.add(account)
+    session.commit()
+    session.refresh(account)
+    return account
+
+
+@router.patch("/{account_id}", response_model=AccountRead)
+def update_account(
+    account_id: int,
+    data: AccountUpdate,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    account = session.get(Account, account_id)
+    if not account:
+        raise HTTPException(status_code=404, detail="Account not found")
+    update_data = data.model_dump(exclude_unset=True)
+    for key, value in update_data.items():
+        setattr(account, key, value)
+    account.updated_at = datetime.utcnow()
+    session.add(account)
+    session.commit()
+    session.refresh(account)
+    return account

backend/app/api/v1/endpoints/auth.py

@@ -0,0 +1,22 @@
+from fastapi import APIRouter, HTTPException, status
+from fastapi.security import OAuth2PasswordRequestForm
+from fastapi import Depends
+
+from app.auth import create_access_token
+from app.config import settings
+
+router = APIRouter(prefix="/auth", tags=["auth"])
+
+
+@router.post("/login")
+def login(form_data: OAuth2PasswordRequestForm = Depends()):
+    if (
+        form_data.username != settings.ADMIN_USERNAME
+        or form_data.password != settings.ADMIN_PASSWORD
+    ):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid credentials",
+        )
+    token = create_access_token(form_data.username)
+    return {"access_token": token, "token_type": "bearer"}

backend/app/api/v1/endpoints/categories.py

@@ -0,0 +1,61 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlmodel import Session, select
+
+from app.auth import get_current_user
+from app.db import get_session
+from app.models.models import Category, CategoryCreate, CategoryRead, CategoryUpdate
+
+router = APIRouter(prefix="/categories", tags=["categories"])
+
+
+@router.get("/", response_model=list[CategoryRead])
+def list_categories(
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    return session.exec(select(Category)).all()
+
+
+@router.post("/", response_model=CategoryRead, status_code=201)
+def create_category(
+    data: CategoryCreate,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    category = Category.model_validate(data)
+    session.add(category)
+    session.commit()
+    session.refresh(category)
+    return category
+
+
+@router.patch("/{category_id}", response_model=CategoryRead)
+def update_category(
+    category_id: int,
+    data: CategoryUpdate,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    category = session.get(Category, category_id)
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    update_data = data.model_dump(exclude_unset=True)
+    for key, value in update_data.items():
+        setattr(category, key, value)
+    session.add(category)
+    session.commit()
+    session.refresh(category)
+    return category
+
+
+@router.delete("/{category_id}", status_code=204)
+def delete_category(
+    category_id: int,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    category = session.get(Category, category_id)
+    if not category:
+        raise HTTPException(status_code=404, detail="Category not found")
+    session.delete(category)
+    session.commit()

backend/app/api/v1/endpoints/transactions.py

@@ -0,0 +1,111 @@
+from typing import Optional
+
+from fastapi import APIRouter, Depends, HTTPException, Query
+from sqlmodel import Session, col, select
+
+from app.auth import get_current_user
+from app.db import get_session
+from app.models.models import (
+    Category,
+    Transaction,
+    TransactionCreate,
+    TransactionRead,
+    TransactionSource,
+    TransactionUpdate,
+)
+
+router = APIRouter(prefix="/transactions", tags=["transactions"])
+
+
+def auto_categorize(merchant: str, session: Session) -> Optional[int]:
+    categories = session.exec(select(Category)).all()
+    merchant_lower = merchant.lower()
+    for cat in categories:
+        if cat.auto_match_patterns:
+            patterns = [p.strip().lower() for p in cat.auto_match_patterns.split(",")]
+            if any(p in merchant_lower for p in patterns if p):
+                return cat.id
+    return None
+
+
+@router.get("/", response_model=list[TransactionRead])
+def list_transactions(
+    source: Optional[TransactionSource] = None,
+    search: Optional[str] = None,
+    category_id: Optional[int] = None,
+    limit: int = Query(default=50, le=500),
+    offset: int = 0,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    query = select(Transaction)
+    if source:
+        query = query.where(Transaction.source == source)
+    if category_id:
+        query = query.where(Transaction.category_id == category_id)
+    if search:
+        query = query.where(col(Transaction.merchant).ilike(f"%{search}%"))
+    query = query.order_by(col(Transaction.date).desc()).offset(offset).limit(limit)
+    return session.exec(query).all()
+
+
+@router.get("/recent", response_model=list[TransactionRead])
+def recent_transactions(
+    limit: int = Query(default=5, le=20),
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    query = (
+        select(Transaction)
+        .where(Transaction.source == TransactionSource.CREDIT_CARD)
+        .order_by(col(Transaction.date).desc())
+        .limit(limit)
+    )
+    return session.exec(query).all()
+
+
+@router.post("/", response_model=TransactionRead, status_code=201)
+def create_transaction(
+    data: TransactionCreate,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    tx = Transaction.model_validate(data)
+    if tx.category_id is None:
+        tx.category_id = auto_categorize(tx.merchant, session)
+    session.add(tx)
+    session.commit()
+    session.refresh(tx)
+    return tx
+
+
+@router.patch("/{transaction_id}", response_model=TransactionRead)
+def update_transaction(
+    transaction_id: int,
+    data: TransactionUpdate,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    tx = session.get(Transaction, transaction_id)
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    update_data = data.model_dump(exclude_unset=True)
+    for key, value in update_data.items():
+        setattr(tx, key, value)
+    session.add(tx)
+    session.commit()
+    session.refresh(tx)
+    return tx
+
+
+@router.delete("/{transaction_id}", status_code=204)
+def delete_transaction(
+    transaction_id: int,
+    session: Session = Depends(get_session),
+    _user: str = Depends(get_current_user),
+):
+    tx = session.get(Transaction, transaction_id)
+    if not tx:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    session.delete(tx)
+    session.commit()