admin/changemaker.lite
1
0
Fork 0
Code Issues Packages Projects Releases 31 Wiki Activity
changemaker.lite/api/dist/modules/influence/responses/responses.routes.js

199 lines
8.0 KiB
JavaScript
Raw Permalink Blame History

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.responsesAdminRouter = exports.responsesPublicRouter = exports.responseCampaignPublicRouter = void 0;
const express_1 = require("express");
const client_1 = require("@prisma/client");
const responses_service_1 = require("./responses.service");
const responses_schemas_1 = require("./responses.schemas");
const validate_1 = require("../../../middleware/validate");
const auth_middleware_1 = require("../../../middleware/auth.middleware");
const auth_middleware_2 = require("../../../middleware/auth.middleware");
const rbac_middleware_1 = require("../../../middleware/rbac.middleware");
const rate_limit_1 = require("../../../middleware/rate-limit");
const ADMIN_ROLES = [client_1.UserRole.SUPER_ADMIN, client_1.UserRole.INFLUENCE_ADMIN, client_1.UserRole.MAP_ADMIN];
// --- Campaign-scoped public routes (mount at /api/campaigns) ---
const campaignPublicRouter = (0, express_1.Router)();
exports.responseCampaignPublicRouter = campaignPublicRouter;
// GET /api/campaigns/:slug/responses
campaignPublicRouter.get('/:slug/responses', (0, validate_1.validate)(responses_schemas_1.listPublicResponsesSchema, 'query'), async (req, res, next) => {
try {
const slug = req.params.slug;
const result = await responses_service_1.responsesService.listApproved(slug, req.query);
res.json(result);
}
catch (err) {
next(err);
}
});
// GET /api/campaigns/:slug/response-stats
campaignPublicRouter.get('/:slug/response-stats', async (req, res, next) => {
try {
const slug = req.params.slug;
const stats = await responses_service_1.responsesService.getStats(slug);
res.json(stats);
}
catch (err) {
next(err);
}
});
// POST /api/campaigns/:slug/responses
campaignPublicRouter.post('/:slug/responses', rate_limit_1.responseRateLimit, (0, validate_1.validate)(responses_schemas_1.submitResponseSchema), async (req, res, next) => {
try {
const slug = req.params.slug;
const senderIp = req.ip || req.socket.remoteAddress;
const result = await responses_service_1.responsesService.submitResponse(slug, req.body, senderIp);
res.status(201).json(result);
}
catch (err) {
next(err);
}
});
// --- Response-scoped public routes (mount at /api/responses) ---
const responsesPublicRouter = (0, express_1.Router)();
exports.responsesPublicRouter = responsesPublicRouter;
// POST /api/responses/:id/upvote
responsesPublicRouter.post('/:id/upvote', auth_middleware_2.optionalAuth, async (req, res, next) => {
try {
const id = req.params.id;
const userIp = req.ip || req.socket.remoteAddress;
const userId = req.user?.id;
const result = await responses_service_1.responsesService.upvote(id, userIp, userId);
res.json(result);
}
catch (err) {
next(err);
}
});
// DELETE /api/responses/:id/upvote
responsesPublicRouter.delete('/:id/upvote', auth_middleware_2.optionalAuth, async (req, res, next) => {
try {
const id = req.params.id;
const userIp = req.ip || req.socket.remoteAddress;
const userId = req.user?.id;
const result = await responses_service_1.responsesService.removeUpvote(id, userIp, userId);
res.json(result);
}
catch (err) {
next(err);
}
});
// GET /api/responses/:id/verify/:token — returns HTML page
responsesPublicRouter.get('/:id/verify/:token', async (req, res, next) => {
try {
const id = req.params.id;
const token = req.params.token;
const result = await responses_service_1.responsesService.verify(id, token);
const html = result.success
? buildResultPage('Response Verified', `Thank you for verifying this response for the "${result.campaignTitle}" campaign. The response has been approved and will now appear on the public response wall.`, '#16a34a')
: buildResultPage('Verification Failed', result.reason || 'Unable to verify this response.', '#dc2626');
res.type('html').send(html);
}
catch (err) {
next(err);
}
});
// GET /api/responses/:id/report/:token — returns HTML page
responsesPublicRouter.get('/:id/report/:token', async (req, res, next) => {
try {
const id = req.params.id;
const token = req.params.token;
const result = await responses_service_1.responsesService.report(id, token);
const html = result.success
? buildResultPage('Response Reported', `This response for the "${result.campaignTitle}" campaign has been flagged as invalid and removed from the public response wall. Thank you for letting us know.`, '#dc2626')
: buildResultPage('Report Failed', result.reason || 'Unable to process this report.', '#dc2626');
res.type('html').send(html);
}
catch (err) {
next(err);
}
});
// --- Admin routes (mount at /api/responses) ---
const responsesAdminRouter = (0, express_1.Router)();
exports.responsesAdminRouter = responsesAdminRouter;
responsesAdminRouter.use(auth_middleware_1.authenticate);
responsesAdminRouter.use((0, rbac_middleware_1.requireRole)(...ADMIN_ROLES));
// GET /api/responses
responsesAdminRouter.get('/', (0, validate_1.validate)(responses_schemas_1.listAdminResponsesSchema, 'query'), async (req, res, next) => {
try {
const result = await responses_service_1.responsesService.findAll(req.query);
res.json(result);
}
catch (err) {
next(err);
}
});
// PATCH /api/responses/:id/status
responsesAdminRouter.patch('/:id/status', (0, validate_1.validate)(responses_schemas_1.updateResponseStatusSchema), async (req, res, next) => {
try {
const id = req.params.id;
const result = await responses_service_1.responsesService.updateStatus(id, req.body);
res.json(result);
}
catch (err) {
next(err);
}
});
// POST /api/responses/:id/resend-verification
responsesAdminRouter.post('/:id/resend-verification', async (req, res, next) => {
try {
const id = req.params.id;
const result = await responses_service_1.responsesService.resendVerification(id);
res.json(result);
}
catch (err) {
next(err);
}
});
// DELETE /api/responses/:id
responsesAdminRouter.delete('/:id', async (req, res, next) => {
try {
const id = req.params.id;
await responses_service_1.responsesService.deleteResponse(id);
res.status(204).send();
}
catch (err) {
next(err);
}
});
// --- HTML page builder for verify/report endpoints ---
function escapeHtml(unsafe) {
return unsafe
.replace(/&/g, '&')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#x27;');
}
function buildResultPage(title, message, accentColor) {
const escapedTitle = escapeHtml(title);
const escapedMessage = escapeHtml(message);
return `<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>${escapedTitle} - Changemaker Lite</title>
<style>
body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 40px 20px; background: #f8fafc; color: #334155; }
.container { max-width: 500px; margin: 0 auto; text-align: center; }
.card { background: white; border-radius: 12px; padding: 40px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); }
.icon { font-size: 48px; margin-bottom: 16px; }
h1 { color: ${accentColor}; font-size: 24px; margin: 0 0 16px; }
p { font-size: 16px; line-height: 1.6; color: #64748b; margin: 0; }
.brand { margin-top: 32px; font-size: 14px; color: #94a3b8; }
.brand strong { color: #2563eb; }
</style>
</head>
<body>
<div class="container">
<div class="card">
<div class="icon">${accentColor === '#16a34a' ? '&#10003;' : '&#10007;'}</div>
<h1>${escapedTitle}</h1>
<p>${escapedMessage}</p>
</div>
<div class="brand">Powered by <strong>Changemaker Lite</strong></div>
</div>
</body>
</html>`;
}
//# sourceMappingURL=responses.routes.js.map
Reference in New Issue View Git Blame Copy Permalink