Case Submission Portal (Admin Moderation Queue): - Add statistics endpoint (GET /api/cases/submissions/stats) - Enhance filtering: status, failure_mode, AI relevance score - Add sorting options: date, relevance, completeness - Create admin moderation interface (case-moderation.html) - Implement CSP-compliant admin UI (no inline event handlers) - Deploy moderation actions: approve, reject, request-info - Fix API parameter mapping for different action types Internationalization (i18n): - Implement lightweight i18n system (i18n-simple.js, ~5KB) - Add language selector component with flag emojis - Create German and French translations for homepage - Document Te Reo Māori translation requirements - Add i18n attributes to homepage - Integrate language selector into navbar Bug Fixes: - Fix search button modal display on docs.html (remove conflicting flex class) Page Enhancements: - Add dedicated JS modules for researcher, leader, koha pages - Improve page-specific functionality and interactions Documentation: - Add I18N_IMPLEMENTATION_SUMMARY.md (implementation guide) - Add TE_REO_MAORI_TRANSLATION_REQUIREMENTS.md (cultural sensitivity guide) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
/**
 * Case Study Routes
 * Community case study submission endpoints
 */
const express = require('express');
const router = express.Router();
const casesController = require('../controllers/cases.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
const { validateRequired, validateEmail, validateObjectId } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
const { createInputValidationMiddleware } = require('../middleware/input-validation.middleware');
const { formRateLimiter } = require('../middleware/rate-limit.middleware');
const { csrfProtection } = require('../middleware/csrf-protection.middleware');
/**
 * Public routes
 */
// Field rules for the public case study submission form, keyed by dotted body path.
// Every rule carries a `required` flag, a validator `type` name and a `maxLength` cap.
// How each `type` is enforced is decided in input-validation.middleware (not visible
// here); the caps are the only per-field size limits this file puts on public input.
const requiredField = (type, maxLength) => ({ required: true, type, maxLength });
const optionalField = (type, maxLength) => ({ required: false, type, maxLength });

const caseSubmissionSchema = {
  // Who is submitting.
  'submitter.name': requiredField('name', 100),
  'submitter.email': requiredField('email', 254),
  'submitter.organization': optionalField('default', 200),

  // What is being submitted; description has by far the largest cap.
  'case_study.title': requiredField('title', 200),
  'case_study.description': requiredField('description', 50000),
  'case_study.failure_mode': requiredField('default', 500),
  'case_study.context': optionalField('default', 5000),
  'case_study.impact': optionalField('default', 5000),
  'case_study.lessons_learned': optionalField('default', 5000),
};
// POST /api/cases/submit - Submit case study (public: no authenticateToken in this chain)
//
// The middleware runs in the order listed, so throttling and the CSRF check happen
// before any field of the body is inspected, and the controller only runs once every
// validator has passed the request on.
// NOTE(review): this list repeats the `required: true` entries of caseSubmissionSchema;
// keep the two in step when the form changes.
const requiredSubmissionFields = [
  'submitter.name',
  'submitter.email',
  'case_study.title',
  'case_study.description',
  'case_study.failure_mode',
];

const submitCaseChain = [
  formRateLimiter, // 5 requests per minute (limit is set in rate-limit.middleware)
  csrfProtection, // CSRF validation
  createInputValidationMiddleware(caseSubmissionSchema),
  validateRequired(requiredSubmissionFields),
  validateEmail('submitter.email'),
  asyncHandler(casesController.submitCase),
];

router.post('/submit', ...submitCaseChain);
/**
 * Admin routes (every chain below starts with authenticateToken and a requireRole check)
 */
// GET /api/cases/submissions/stats - Get submission statistics
// Allowed roles: admin, moderator.
// Registered ahead of '/submissions/:id', so 'stats' is never treated as an :id value.
const statsAccess = [authenticateToken, requireRole('admin', 'moderator')];

router.get('/submissions/stats', ...statsAccess, asyncHandler(casesController.getStats));
// GET /api/cases/submissions - List all submissions
// Allowed roles: admin, moderator.
// No query validation is attached at the route, so any filter or sort parameters
// reach the controller as sent - presumably checked there; verify in cases.controller.
const listAccess = [authenticateToken, requireRole('admin', 'moderator')];

router.get('/submissions', ...listAccess, asyncHandler(casesController.listSubmissions));
// GET /api/cases/submissions/high-relevance - List high-relevance pending submissions
// Allowed roles: admin, moderator.
// Registered ahead of '/submissions/:id', so 'high-relevance' is never treated as an :id value.
const highRelevanceAccess = [authenticateToken, requireRole('admin', 'moderator')];

router.get(
  '/submissions/high-relevance',
  ...highRelevanceAccess,
  asyncHandler(casesController.listHighRelevance),
);
// GET /api/cases/submissions/:id - Get submission by ID
// Allowed roles: admin, moderator.
// validateObjectId('id') sits after the auth checks, so the :id value is only
// examined for callers that have already passed them, and before the controller.
const readOneChain = [
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
  asyncHandler(casesController.getSubmission),
];

router.get('/submissions/:id', ...readOneChain);
// POST /api/cases/submissions/:id/approve - Approve submission
// Allowed role: admin only (moderators are not accepted here).
// NOTE(review): unlike POST /submit, this chain has no csrfProtection. That is fine if
// authenticateToken only accepts a token from a request header; if it can also read
// one from a cookie, this state-changing route needs the CSRF check as well - confirm
// in auth.middleware.
const approveChain = [
  authenticateToken,
  requireRole('admin'),
  validateObjectId('id'),
  asyncHandler(casesController.approveSubmission),
];

router.post('/submissions/:id/approve', ...approveChain);
// POST /api/cases/submissions/:id/reject - Reject submission
// Allowed role: admin only (moderators are not accepted here).
// NOTE(review): `reason` is only checked for presence at this route; no type or
// maxLength rule is applied to it the way the public form's fields are. Confirm the
// controller bounds it and encodes it wherever it is stored, displayed or sent on.
const rejectChain = [
  authenticateToken,
  requireRole('admin'),
  validateObjectId('id'),
  validateRequired(['reason']),
  asyncHandler(casesController.rejectSubmission),
];

router.post('/submissions/:id/reject', ...rejectChain);
// POST /api/cases/submissions/:id/request-info - Request more information
// Allowed roles: admin, moderator.
// NOTE(review): `requested_info` is only checked for presence at this route; no type
// or maxLength rule is applied to it. If the controller relays this text to the
// submitter, confirm it is length-bounded and encoded for that channel.
const requestInfoChain = [
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
  validateRequired(['requested_info']),
  asyncHandler(casesController.requestMoreInfo),
];

router.post('/submissions/:id/request-info', ...requestInfoChain);
// DELETE /api/cases/submissions/:id - Delete submission
// Allowed role: admin only (moderators are not accepted here).
// NOTE(review): this destructive route has no csrfProtection in its chain; that is only
// safe if authenticateToken never accepts a cookie-borne token - confirm in
// auth.middleware. Whether the deletion is recorded for audit is decided in the
// controller and is not visible from this file.
const deleteChain = [
  authenticateToken,
  requireRole('admin'),
  validateObjectId('id'),
  asyncHandler(casesController.deleteSubmission),
];

router.delete('/submissions/:id', ...deleteChain);
// Hand the configured router to the importing module. The mount point (the route
// comments assume /api/cases) is set where this router is attached, not in this file.
module.exports = router;