john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/src/routes/blog.routes.js
TheFlow ef6cfb4a2a feat(content): add framework-guided blog pre-publication and comment analysis 
Blog Pre-Publication Workflow:
- New admin interface (blog-pre-publication.html) for framework-guided content review
- Analysis provides: sensitivity check, compliance validation, audience analysis
- Publication guidance: timing, monitoring, action recommendations
- Response templates for anticipated reader feedback
- Overall recommendation: APPROVE/REVIEW/REJECT decision
- CSP-compliant implementation (no inline scripts/styles)

Comment & Feedback Analysis Workflow:
- New admin interface (comment-analysis.html) for social media/article feedback
- Sentiment analysis (positive/negative/neutral/mixed with confidence)
- Values alignment check (aligned values, concerns, misunderstandings)
- Risk assessment (low/medium/high with factors)
- Recommended responses (prioritized with rationale)
- Framework guidance on whether/how to respond

Backend Implementation:
- New controller: framework-content-analysis.controller.js
- Services invoked: PluralisticDeliberationOrchestrator, BoundaryEnforcer
- API routes: /api/admin/blog/analyze, /api/admin/feedback/analyze
- Integration with existing auth and validation middleware

Framework Validation:
During implementation, framework caught and blocked TWO CSP violations:
1. Inline onclick attribute - forced addEventListener pattern
2. Inline style attribute - forced data attributes + JavaScript
This demonstrates framework is actively preventing violations in real-time.

Transforms blog curation from passive reporter to active agency manager.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 19:45:43 +13:00

202 lines
5.6 KiB
JavaScript
Raw Blame History

/**
* Blog Routes
* AI-curated blog endpoints
*/
const express = require('express');
const router = express.Router();
const blogController = require('../controllers/blog.controller');
const frameworkContentAnalysis = require('../controllers/framework-content-analysis.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
const { validateRequired, validateObjectId, validateSlug } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
/**
* Public routes
*/
// GET /api/blog/rss - RSS feed (must be before /:slug to avoid conflict)
router.get('/rss',
asyncHandler(blogController.generateRSSFeed)
);
// GET /api/blog/editorial-guidelines - Get editorial guidelines (must be before /:slug)
router.get('/editorial-guidelines',
authenticateToken,
requireRole('admin', 'moderator'),
asyncHandler(blogController.getEditorialGuidelines)
);
// GET /api/blog - List published posts
router.get('/',
asyncHandler(blogController.listPublishedPosts)
);
// GET /api/blog/:slug - Get published post by slug
router.get('/:slug',
asyncHandler(blogController.getPublishedPost)
);
/**
* Admin routes
*/
// POST /api/blog/suggest-topics - AI-powered topic suggestions (TRA-OPS-0002)
router.post('/suggest-topics',
authenticateToken,
requireRole('admin'),
validateRequired(['audience']),
asyncHandler(blogController.suggestTopics)
);
// POST /api/blog/suggest-topics-for-publication - Publication-specific topic suggestions
router.post('/suggest-topics-for-publication',
authenticateToken,
requireRole('admin'),
validateRequired(['publicationId']),
asyncHandler(blogController.suggestTopicsForPublication)
);
// POST /api/blog/draft-post - AI-powered blog post drafting (TRA-OPS-0002)
// Enforces inst_016, inst_017, inst_018
router.post('/draft-post',
authenticateToken,
requireRole('admin'),
validateRequired(['topic', 'audience']),
asyncHandler(blogController.draftBlogPost)
);
// POST /api/blog/analyze-content - Analyze content for Tractatus compliance
router.post('/analyze-content',
authenticateToken,
requireRole('admin'),
validateRequired(['title', 'body']),
asyncHandler(blogController.analyzeContent)
);
// POST /api/blog/check-framework - Check content for framework violations (inst_016/017/018/079)
router.post('/check-framework',
authenticateToken,
requireRole('admin'),
asyncHandler(blogController.checkFramework)
);
// POST /api/blog/validate-uniqueness - Check content uniqueness against existing articles
router.post('/validate-uniqueness',
authenticateToken,
requireRole('admin'),
validateRequired(['content']),
asyncHandler(blogController.validateUniqueness)
);
// POST /api/blog/check-submission-conflict - Check for submission conflicts
router.post('/check-submission-conflict',
authenticateToken,
requireRole('admin'),
validateRequired(['contentId', 'targetPublicationId']),
asyncHandler(blogController.checkSubmissionConflict)
);
// POST /api/blog/validate-article - Comprehensive validation (content + title)
router.post('/validate-article',
authenticateToken,
requireRole('admin'),
validateRequired(['articleId']),
asyncHandler(blogController.validateArticle)
);
/**
* Framework-Guided Pre-Publication Workflow
* Active agency management with compliance checks and response templates
*/
// POST /api/admin/blog/analyze - Framework-guided blog pre-publication analysis
router.post('/admin/blog/analyze',
authenticateToken,
requireRole('admin'),
validateRequired(['title', 'content']),
asyncHandler(frameworkContentAnalysis.analyzeBlogPost)
);
// POST /api/admin/blog/draft - Save blog post as draft
router.post('/admin/blog/draft',
authenticateToken,
requireRole('admin'),
validateRequired(['title', 'content']),
asyncHandler(frameworkContentAnalysis.saveBlogDraft)
);
// POST /api/admin/blog/publish - Publish blog post
router.post('/admin/blog/publish',
authenticateToken,
requireRole('admin'),
validateRequired(['title', 'content']),
asyncHandler(frameworkContentAnalysis.publishBlogPost)
);
// GET /api/blog/admin/posts?status=draft
router.get('/admin/posts',
authenticateToken,
requireRole('admin', 'moderator'),
asyncHandler(blogController.listPostsByStatus)
);
// GET /api/blog/admin/:id - Get any post by ID
router.get('/admin/:id',
authenticateToken,
requireRole('admin', 'moderator'),
validateObjectId('id'),
asyncHandler(blogController.getPostById)
);
// POST /api/blog - Create new post
router.post('/',
authenticateToken,
requireRole('admin'),
validateRequired(['title', 'slug', 'content']),
validateSlug,
asyncHandler(blogController.createPost)
);
// PUT /api/blog/:id - Update post
router.put('/:id',
authenticateToken,
requireRole('admin'),
validateObjectId('id'),
asyncHandler(blogController.updatePost)
);
// POST /api/blog/:id/publish - Publish post
router.post('/:id/publish',
authenticateToken,
requireRole('admin'),
validateObjectId('id'),
asyncHandler(blogController.publishPost)
);
// DELETE /api/blog/:id - Delete post
router.delete('/:id',
authenticateToken,
requireRole('admin'),
validateObjectId('id'),
asyncHandler(blogController.deletePost)
);
// GET /api/blog/:id/submissions - Get submission tracking data
router.get('/:id/submissions',
authenticateToken,
requireRole('admin'),
validateObjectId('id'),
asyncHandler(blogController.getSubmissions)
);
// PUT /api/blog/:id/submissions - Create/update submission tracking
router.put('/:id/submissions',
authenticateToken,
requireRole('admin'),
validateObjectId('id'),
asyncHandler(blogController.updateSubmission)
);
module.exports = router;
Reference in a new issue View git blame Copy permalink