Skip to main content

Documents and Storage

Cashlytics stores documents in PostgreSQL rather than an external object store.

Data Model

The documents table stores:

  • id
  • userId
  • optional expenseId
  • optional dailyExpenseId
  • fileName
  • mimeType
  • size
  • base64 data
  • createdAt

Document rows cascade when their linked expense or daily expense is deleted.

APIs and Actions

Document behavior is implemented in:

  • src/actions/document-actions.ts
  • src/app/api/documents/route.ts
  • src/app/api/documents/[id]/route.ts
  • src/components/molecules/document-list.tsx
  • src/app/(dashboard)/documents/client.tsx

The API upload route rate-limits document uploads to 10 per minute per IP. User-facing document lists, preview, download, and delete behavior are user-scoped.

AI Boundary

The assistant must not read uploaded document contents. Expense retrieval tools also avoid exposing document payloads to AI context.