tractatus/src/routes/cases.routes.js
TheFlow ac2db33732 fix(submissions): restructure Economist package and fix article display
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 08:47:42 +13:00


/**
* Case Study Routes
* Community case study submission endpoints
*/
const express = require('express');
const router = express.Router();
const casesController = require('../controllers/cases.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
const { validateRequired, validateEmail, validateObjectId } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
const { createInputValidationMiddleware } = require('../middleware/input-validation.middleware');
const { formRateLimiter } = require('../middleware/rate-limit.middleware');
const { csrfProtection } = require('../middleware/csrf-protection.middleware');
/**
* Public routes
*/
// Validation schema for the public case-study submission form.
// Each key is presumably a dotted path into the request body (confirm against
// input-validation.middleware); each value carries the presence rule, the
// validator `type` the middleware applies, and a hard upper length bound.
// These fields arrive from an unauthenticated form, so every one is bounded.
const requiredField = (type, maxLength) => ({ required: true, type, maxLength });
const optionalField = (type, maxLength) => ({ required: false, type, maxLength });

const caseSubmissionSchema = {
  // Submitter identity.
  'submitter.name': requiredField('name', 100),
  'submitter.email': requiredField('email', 254), // 254 is the conventional maximum address length
  'submitter.organization': optionalField('default', 200),
  // The case study itself; description is the only long free-text field.
  'case_study.title': requiredField('title', 200),
  'case_study.description': requiredField('description', 50000),
  'case_study.failure_mode': requiredField('default', 500),
  'case_study.context': optionalField('default', 5000),
  'case_study.impact': optionalField('default', 5000),
  'case_study.lessons_learned': optionalField('default', 5000),
};
// POST /api/cases/submit - Submit a case study (public, unauthenticated).
// The guards run in array order so the cheapest rejection happens first:
//   1. formRateLimiter   - throttles the form (5 requests per minute per the
//                          original note; confirm in rate-limit.middleware)
//   2. csrfProtection    - browser-driven form, so the CSRF token is checked
//   3. schema validation - type and length checks for every field in caseSubmissionSchema
//   4. validateRequired  - presence of the mandatory fields (overlaps with the
//                          schema's `required` flags; kept as defense in depth)
//   5. validateEmail     - format check on the submitter address
// The controller only sees a body that passed all five.
const submitGuards = [
  formRateLimiter,
  csrfProtection,
  createInputValidationMiddleware(caseSubmissionSchema),
  validateRequired([
    'submitter.name',
    'submitter.email',
    'case_study.title',
    'case_study.description',
    'case_study.failure_mode',
  ]),
  validateEmail('submitter.email'),
];

// Express flattens a middleware array, so this is the same chain as listing
// each guard as a separate argument.
router.post('/submit', submitGuards, asyncHandler(casesController.submitCase));
/**
 * Admin routes
 *
 * Every route below sits behind authenticateToken plus a role check.
 * Read-only views and "request more info" are open to moderators as well;
 * the decisions that change or destroy a submission (approve, reject,
 * delete) are admin-only. Keep that split when adding routes here.
 */

// One fresh requireRole(...) instance per route, exactly as the inline
// form produced; the helpers only name the two permission tiers.
const staffOnly = () => [authenticateToken, requireRole('admin', 'moderator')];
const adminOnly = () => [authenticateToken, requireRole('admin')];

// NOTE(review): the state-changing admin routes do not apply csrfProtection.
// That is fine if authenticateToken reads a bearer header; if the token is
// carried in a cookie they need the same guard as /submit — confirm in
// auth.middleware.
//
// NOTE(review): `reason` and `requested_info` are only checked for presence,
// with no type or length bound. They come from authenticated staff, but a
// small schema via createInputValidationMiddleware would keep them
// consistent with the public form.

// The static paths under /submissions are registered BEFORE /submissions/:id
// so that "stats" and "high-relevance" are never captured as an :id value.

// GET /api/cases/submissions/stats - Submission statistics
router.get('/submissions/stats', staffOnly(), asyncHandler(casesController.getStats));

// GET /api/cases/submissions - List all submissions
router.get('/submissions', staffOnly(), asyncHandler(casesController.listSubmissions));

// GET /api/cases/submissions/high-relevance - List high-relevance pending submissions
router.get('/submissions/high-relevance', staffOnly(), asyncHandler(casesController.listHighRelevance));

// GET /api/cases/submissions/:id - Single submission; :id must be a valid ObjectId
router.get('/submissions/:id', staffOnly(), validateObjectId('id'), asyncHandler(casesController.getSubmission));

// POST /api/cases/submissions/:id/approve - Approve a submission (admin only)
router.post('/submissions/:id/approve', adminOnly(), validateObjectId('id'), asyncHandler(casesController.approveSubmission));

// POST /api/cases/submissions/:id/reject - Reject a submission; `reason` is mandatory (admin only)
router.post('/submissions/:id/reject', adminOnly(), validateObjectId('id'), validateRequired(['reason']), asyncHandler(casesController.rejectSubmission));

// POST /api/cases/submissions/:id/request-info - Request more information; `requested_info` is mandatory
router.post('/submissions/:id/request-info', staffOnly(), validateObjectId('id'), validateRequired(['requested_info']), asyncHandler(casesController.requestMoreInfo));

// DELETE /api/cases/submissions/:id - Delete a submission (admin only)
router.delete('/submissions/:id', adminOnly(), validateObjectId('id'), asyncHandler(casesController.deleteSubmission));

module.exports = router;