/**
 * Case Study Routes
 * Community case study submission endpoints
 *
 * Wires the public submission endpoint and the admin/moderator review
 * endpoints onto an Express router. Middleware runs in the order listed
 * on each route; all handlers are wrapped in asyncHandler so rejected
 * promises reach the error middleware.
 */
const express = require('express');
const router = express.Router();
const casesController = require('../controllers/cases.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
const { validateRequired, validateEmail, validateObjectId } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
const { createInputValidationMiddleware } = require('../middleware/input-validation.middleware');
const { formRateLimiter } = require('../middleware/rate-limit.middleware');
const { csrfProtection } = require('../middleware/csrf-protection.middleware');

/**
 * Public routes
 */

// Field-level rules for the public submission form. Keys are dotted paths
// into the request body; `required` doubles as the source of the presence
// check below, so the two lists cannot drift apart.
const caseSubmissionSchema = {
  'submitter.name': { required: true, type: 'name', maxLength: 100 },
  'submitter.email': { required: true, type: 'email', maxLength: 254 },
  'submitter.organization': { required: false, type: 'default', maxLength: 200 },
  'case_study.title': { required: true, type: 'title', maxLength: 200 },
  'case_study.description': { required: true, type: 'description', maxLength: 50000 },
  'case_study.failure_mode': { required: true, type: 'default', maxLength: 500 },
  'case_study.context': { required: false, type: 'default', maxLength: 5000 },
  'case_study.impact': { required: false, type: 'default', maxLength: 5000 },
  'case_study.lessons_learned': { required: false, type: 'default', maxLength: 5000 },
};

// Fields whose absence fails the request, in schema order.
const requiredSubmissionFields = Object.entries(caseSubmissionSchema)
  .filter(([, rule]) => rule.required)
  .map(([field]) => field);

// POST /api/cases/submit - Submit case study (public)
// Rate limiting and CSRF checks are listed ahead of body validation, which
// is listed ahead of the controller.
router.post(
  '/submit',
  formRateLimiter, // 5 requests per minute
  csrfProtection, // CSRF validation
  createInputValidationMiddleware(caseSubmissionSchema),
  validateRequired(requiredSubmissionFields),
  validateEmail('submitter.email'),
  asyncHandler(casesController.submitCase),
);

/**
 * Admin routes
 */

// Authentication + role guards shared by the admin routes. Each call builds
// a fresh middleware pair so no two routes share a requireRole instance.
const moderatorGuard = () => [authenticateToken, requireRole('admin', 'moderator')];
const adminGuard = () => [authenticateToken, requireRole('admin')];

// NOTE(review): unlike /submit, the state-changing admin routes below carry no
// csrfProtection and no rate limiter. That is only safe if authenticateToken
// reads its token from a request header rather than a cookie — confirm.

// GET /api/cases/submissions/stats - Get submission statistics (admin)
router.get(
  '/submissions/stats',
  moderatorGuard(),
  asyncHandler(casesController.getStats),
);

// GET /api/cases/submissions - List all submissions (admin)
router.get(
  '/submissions',
  moderatorGuard(),
  asyncHandler(casesController.listSubmissions),
);

// GET /api/cases/submissions/high-relevance - List high-relevance pending (admin)
// Registered before '/submissions/:id' so the literal segment is not captured as an id.
router.get(
  '/submissions/high-relevance',
  moderatorGuard(),
  asyncHandler(casesController.listHighRelevance),
);

// GET /api/cases/submissions/:id - Get submission by ID (admin)
router.get(
  '/submissions/:id',
  moderatorGuard(),
  validateObjectId('id'),
  asyncHandler(casesController.getSubmission),
);

// POST /api/cases/submissions/:id/approve - Approve submission (admin)
router.post(
  '/submissions/:id/approve',
  adminGuard(),
  validateObjectId('id'),
  asyncHandler(casesController.approveSubmission),
);

// POST /api/cases/submissions/:id/reject - Reject submission (admin)
// NOTE(review): `reason` is only checked for presence here, not for type or
// length as the public schema does — presumably bounded in the controller; verify.
router.post(
  '/submissions/:id/reject',
  adminGuard(),
  validateObjectId('id'),
  validateRequired(['reason']),
  asyncHandler(casesController.rejectSubmission),
);

// POST /api/cases/submissions/:id/request-info - Request more information (admin)
// NOTE(review): `requested_info` is only checked for presence, as with `reason` above.
router.post(
  '/submissions/:id/request-info',
  moderatorGuard(),
  validateObjectId('id'),
  validateRequired(['requested_info']),
  asyncHandler(casesController.requestMoreInfo),
);

// DELETE /api/cases/submissions/:id - Delete submission (admin)
router.delete(
  '/submissions/:id',
  adminGuard(),
  validateObjectId('id'),
  asyncHandler(casesController.deleteSubmission),
);

module.exports = router;