Implemented Payment History Table

.env.example

@@ -0,0 +1,11 @@
+# Supabase Configuration
+VITE_SUPABASE_URL=your_supabase_url_here
+VITE_SUPABASE_ANON_KEY=your_supabase_anon_key_here
+
+# Gemini AI API Key
+VITE_GEMINI_API_KEY=your_gemini_api_key_here
+
+# Mock API Passwords (for development/testing only)
+# These are only used when mockApi.ts is active
+VITE_ADMIN_PASSWORD=your_admin_password_here
+VITE_USER_PASSWORD=your_user_password_here

.gitignore

@@ -12,6 +12,11 @@ dist
 dist-ssr
 *.local
 
+# Environment variables
+.env
+.env.local
+.env.*.local
+
 # Editor directories and files
 .vscode/*
 !.vscode/extensions.json

DATABASE_SCHEMA.md

@@ -242,13 +242,79 @@ CREATE POLICY "Users can delete own moments" ON moments
   FOR DELETE USING (auth.uid() = user_id);
 ```
 
+<<<<<<< HEAD
+### 7. `transactions` table
+
+Stores transaction history for payment tracking.
+
+```sql
+CREATE TABLE transactions (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID NOT NULL REFERENCES profiles(id) ON DELETE CASCADE,
+  spot_id UUID NOT NULL REFERENCES spots(id) ON DELETE CASCADE,
+  amount NUMERIC NOT NULL,
+  payment_method TEXT NOT NULL DEFAULT 'UPI',
+  status TEXT NOT NULL DEFAULT 'not_paid' CHECK (status IN ('paid', 'not_paid')),
+  created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+  updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Create indexes for faster queries
+CREATE INDEX transactions_user_id_idx ON transactions(user_id);
+CREATE INDEX transactions_spot_id_idx ON transactions(spot_id);
+CREATE INDEX transactions_created_at_idx ON transactions(created_at DESC);
+
+-- Enable RLS
+ALTER TABLE transactions ENABLE ROW LEVEL SECURITY;
+
+-- Policy: Users can read their own transactions
+CREATE POLICY "Users can read own transactions" ON transactions
+  FOR SELECT USING (auth.uid() = user_id);
+
+-- Policy: Admins can read all transactions
+CREATE POLICY "Admins can read all transactions" ON transactions
+  FOR SELECT USING (
+    EXISTS (
+      SELECT 1 FROM profiles
+      WHERE profiles.id = auth.uid()
+      AND profiles.role = 'admin'
+    )
+  );
+
+-- Policy: Admins can create transactions
+CREATE POLICY "Admins can create transactions" ON transactions
+  FOR INSERT WITH CHECK (
+    EXISTS (
+      SELECT 1 FROM profiles
+      WHERE profiles.id = auth.uid()
+      AND profiles.role = 'admin'
+    )
+  );
+
+-- Policy: Admins can update transactions
+CREATE POLICY "Admins can update transactions" ON transactions
+  FOR UPDATE USING (
+    EXISTS (
+      SELECT 1 FROM profiles
+      WHERE profiles.id = auth.uid()
+      AND profiles.role = 'admin'
+    )
+  );
+```
+
+=======
+>>>>>>> bedb01a0af53821680ce26a67bce5af226a10c8b
 ## Real-time Subscriptions
 
 Enable real-time for the following tables in Supabase Dashboard:
 - `spots` - for spot updates
 - `invitations` - for RSVP updates
 - `payments` - for payment status updates
 - `chat_messages` - for chat updates
+<<<<<<< HEAD
+- `transactions` - for transaction history updates
+=======
+>>>>>>> bedb01a0af53821680ce26a67bce5af226a10c8b
 
 ## Initial Data
 

SECURITY_SETUP.md

@@ -0,0 +1,109 @@
+# Security Setup Guide
+
+## ✅ Security Fixes Applied
+
+### 1. Environment Variables
+All sensitive data (passwords, API keys) moved to `.env` file.
+
+### 2. Files Created
+- `.env` - Contains actual secrets (NOT in git)
+- `.env.example` - Template for other developers (in git)
+- `.gitignore` - Updated to exclude `.env` files
+
+### 3. Mock API Updated
+`services/mockApi.ts` now uses environment variables instead of hardcoded passwords.
+
+---
+
+## 🔐 How It Works
+
+**Before (Insecure):**
+```typescript
+password: "admin@brocode"  // ❌ Hardcoded in code
+```
+
+**After (Secure):**
+```typescript
+password: import.meta.env.VITE_ADMIN_PASSWORD || "changeme"  // ✅ From .env
+```
+
+---
+
+## 📝 Setup Instructions
+
+### For New Developers:
+
+1. **Copy the example file:**
+   ```bash
+   copy .env.example .env
+   ```
+
+2. **Edit `.env` and add your credentials:**
+   ```env
+   VITE_ADMIN_PASSWORD=your_password_here
+   VITE_USER_PASSWORD=your_password_here
+   ```
+
+3. **Never commit `.env` to git!**
+   - It's already in `.gitignore`
+   - Only commit `.env.example`
+
+---
+
+## 🚨 Important Notes
+
+### Mock API (Development Only)
+- `services/mockApi.ts` is only for local testing
+- Production uses Supabase (real database)
+- Mock passwords are safe because they're not in production
+
+### Production Security
+- Real passwords are in Supabase database
+- Supabase handles authentication securely
+- No passwords stored in frontend code
+
+### GitGuardian Warnings
+- After this fix, GitGuardian warnings will stop
+- Old commits may still show warnings (that's okay)
+- New commits will be clean
+
+---
+
+## 🔄 Migration from Old Code
+
+If you have old code with hardcoded passwords:
+
+1. Pull latest changes
+2. Create `.env` file from `.env.example`
+3. Add your passwords to `.env`
+4. Restart dev server: `npm run dev`
+
+---
+
+## ✨ Best Practices
+
+✅ **DO:**
+- Use environment variables for secrets
+- Keep `.env` in `.gitignore`
+- Share `.env.example` with team
+- Use different passwords for dev/prod
+
+❌ **DON'T:**
+- Commit `.env` to git
+- Share passwords in code
+- Use same password everywhere
+- Hardcode API keys
+
+---
+
+## 🛡️ Security Checklist
+
+- [x] Passwords moved to environment variables
+- [x] `.env` added to `.gitignore`
+- [x] `.env.example` created for team
+- [x] Mock API updated to use env vars
+- [x] Documentation created
+
+---
+
+Need help? Check `.env.example` for required variables!

TRANSACTION_SETUP_GUIDE.md

@@ -0,0 +1,93 @@
+# Transaction History Setup Guide
+
+## Quick Setup (2 minutes)
+
+### Option 1: Supabase Dashboard (Recommended - Easiest)
+
+1. **Open Supabase Dashboard**
+   - Go to: https://supabase.com
+   - Login and select your project
+
+2. **Open SQL Editor**
+   - Click "SQL Editor" in the left sidebar
+   - Click "New Query" button
+
+3. **Copy & Paste**
+   - Open the file: `supabase_migration_transactions.sql`
+   - Copy ALL the content (Ctrl+A, Ctrl+C)
+   - Paste in Supabase SQL Editor (Ctrl+V)
+
+4. **Run**
+   - Click "Run" button (or press Ctrl+Enter)
+   - Wait for success message
+
+5. **Done!**
+   - Refresh your app
+   - Transaction history will now appear on Payment page
+
+---
+
+## Option 2: Using Supabase CLI (If you want to install CLI)
+
+### Install Supabase CLI:
+```powershell
+# Using Scoop (recommended for Windows)
+scoop bucket add supabase https://github.com/supabase/scoop-bucket.git
+scoop install supabase
+
+# OR using npm
+npm install -g supabase
+```
+
+### Run Migration:
+```powershell
+# Link your project (one time only)
+supabase link --project-ref your-project-ref
+
+# Run migration
+supabase db push
+```
+
+---
+
+## Verify Installation
+
+After running the SQL:
+
+1. Go to Supabase Dashboard > Database > Tables
+2. You should see a new table called `transactions`
+3. Open your app and go to Payment page
+4. You should see "Transaction History" section at the bottom
+
+---
+
+## Troubleshooting
+
+**If you see "table does not exist" error:**
+- The migration hasn't been run yet
+- Go back to Option 1 and run the SQL in dashboard
+
+**If transaction history is empty:**
+- That's normal! Transactions will appear when:
+  - Admin marks a payment as "Paid"
+  - New payments are processed
+
+**If you see permission errors:**
+- Make sure you're logged in as admin
+- Check RLS policies in Supabase Dashboard
+
+---
+
+## What This Feature Does
+
+✅ Shows complete payment history
+✅ Displays: Date, Amount, Payment Method, Status
+✅ Users see only their own transactions
+✅ Admins see all transactions
+✅ Automatic transaction creation when payment is marked paid
+✅ Mobile responsive design
+
+---
+
+Need help? The SQL file is ready at: `supabase_migration_transactions.sql`
+Just copy-paste it in Supabase SQL Editor and click Run!