- Create Economist SubmissionTracking package correctly: * mainArticle = full blog post content * coverLetter = 216-word SIR— letter * Links to blog post via blogPostId - Archive 'Letter to The Economist' from blog posts (it's the cover letter) - Fix date display on article cards (use published_at) - Target publication already displaying via blue badge Database changes: - Make blogPostId optional in SubmissionTracking model - Economist package ID: 68fa85ae49d4900e7f2ecd83 - Le Monde package ID: 68fa2abd2e6acd5691932150 Next: Enhanced modal with tabs, validation, export 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
/**
* Media Inquiry Routes
* Press/media inquiry submission and triage endpoints
*/
const express = require('express');
const router = express.Router();
const mediaController = require('../controllers/media.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
const { validateRequired, validateEmail, validateObjectId } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
const { createInputValidationMiddleware } = require('../middleware/input-validation.middleware');
const { formRateLimiter } = require('../middleware/rate-limit.middleware');
const { csrfProtection } = require('../middleware/csrf-protection.middleware');
/**
 * Public routes
 */

// Field rules for the public media inquiry form, keyed by dotted body path.
// Every field declares a type and a maxLength; the schema is handed to
// createInputValidationMiddleware on the submission route.
// NOTE(review): how 'type' and 'maxLength' are enforced (reject vs. truncate
// vs. sanitize) lives in input-validation.middleware — confirm there.
const requiredField = (type, maxLength) => ({ required: true, type, maxLength });
const optionalField = (type, maxLength) => ({ required: false, type, maxLength });

const mediaInquirySchema = {
  // Who is asking
  'contact.name': requiredField('name', 100),
  'contact.email': requiredField('email', 254),
  'contact.outlet': requiredField('default', 200),
  'contact.phone': optionalField('phone', 20),
  'contact.role': optionalField('default', 100),
  // What they are asking
  'inquiry.subject': requiredField('title', 200),
  'inquiry.message': requiredField('description', 5000),
  'inquiry.deadline': optionalField('default', 100),
};
// POST /api/media/inquiries - Submit media inquiry (public, no authentication)
// Middleware runs in array order: throttling and the CSRF check sit in front of
// field validation, and the controller is last. This assumes each guard ends
// the response itself when it rejects a request.
const submitInquiryChain = [
  formRateLimiter, // 5 requests per minute
  csrfProtection, // CSRF validation
  createInputValidationMiddleware(mediaInquirySchema),
  validateRequired(['contact.name', 'contact.email', 'contact.outlet', 'inquiry.subject', 'inquiry.message']),
  validateEmail('contact.email'),
  asyncHandler(mediaController.submitInquiry),
];
router.post('/inquiries', ...submitInquiryChain);
// GET /api/media/triage-stats - Get triage statistics (public, transparency)
// No authentication and no route-level rate limiter are attached here.
// NOTE(review): confirm the controller returns aggregates only (nothing that
// identifies an individual inquiry) and that throttling is applied elsewhere,
// e.g. at app level.
const triageStatsHandler = asyncHandler(mediaController.getTriageStats);
router.get('/triage-stats', triageStatsHandler);
/**
 * Admin routes
 *
 * Every route below authenticates first and then checks the caller's role.
 * Read the requireRole arguments on each route: some accept 'moderator' as
 * well as 'admin'.
 */

// GET /api/media/inquiries - List all inquiries (admin or moderator)
const listInquiriesGuards = [authenticateToken, requireRole('admin', 'moderator')];
router.get('/inquiries', ...listInquiriesGuards, asyncHandler(mediaController.listInquiries));
// GET /api/media/inquiries/urgent - List high urgency inquiries (admin or moderator)
// Registered ahead of '/inquiries/:id' so the literal segment 'urgent' is
// matched here rather than being captured as an :id parameter.
const urgentInquiriesGuards = [authenticateToken, requireRole('admin', 'moderator')];
router.get('/inquiries/urgent', ...urgentInquiriesGuards, asyncHandler(mediaController.listUrgentInquiries));
// GET /api/media/inquiries/:id - Get inquiry by ID (admin or moderator)
// The :id parameter is checked by validateObjectId after the auth and role
// checks and before the controller runs (presumably a database ObjectId
// format check — confirm in validation.middleware).
const getInquiryGuards = [
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
];
router.get('/inquiries/:id', ...getInquiryGuards, asyncHandler(mediaController.getInquiry));
// POST /api/media/inquiries/:id/assign - Assign inquiry to user (admin only)
// Only the :id path parameter is validated at the route level; no body field
// is checked here.
// NOTE(review): confirm assignInquiry validates the assignee it reads from the
// request. This state-changing route also has no csrfProtection; that is fine
// if authenticateToken only accepts a header-borne token, but needs the CSRF
// guard if the token can arrive in a cookie — confirm in auth.middleware.
const assignInquiryGuards = [
  authenticateToken,
  requireRole('admin'),
  validateObjectId('id'),
];
router.post('/inquiries/:id/assign', ...assignInquiryGuards, asyncHandler(mediaController.assignInquiry));
// POST /api/media/inquiries/:id/triage - Run AI triage (admin or moderator)
// NOTE(review): the inquiry text originates from the public submission form,
// so whatever triageInquiry passes to the model is untrusted input — confirm
// the controller treats the triage result as advisory and does not act on it
// without review. No csrfProtection or rate limiter is attached to this
// state-changing route; confirm whether authenticateToken can be satisfied by
// a cookie before relying on that.
const triageInquiryGuards = [
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
];
router.post('/inquiries/:id/triage', ...triageInquiryGuards, asyncHandler(mediaController.triageInquiry));
// POST /api/media/inquiries/:id/respond - Mark as responded (admin or moderator)
// Only the presence of 'content' is enforced here; unlike the public
// submission route, no type or maxLength rule is applied to it.
// NOTE(review): confirm respondToInquiry bounds and encodes 'content' before
// it is stored or sent. This state-changing route has no csrfProtection;
// confirm authenticateToken cannot be satisfied by a cookie alone.
const respondToInquiryGuards = [
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
  validateRequired(['content']),
];
router.post('/inquiries/:id/respond', ...respondToInquiryGuards, asyncHandler(mediaController.respondToInquiry));
// DELETE /api/media/inquiries/:id - Delete inquiry (admin only)
// Moderators are deliberately absent from requireRole here, in contrast to the
// read, triage and respond routes.
// NOTE(review): this destructive route has no csrfProtection; confirm
// authenticateToken cannot be satisfied by a cookie alone, and that the
// controller records who deleted what.
const deleteInquiryGuards = [
  authenticateToken,
  requireRole('admin'),
  validateObjectId('id'),
];
router.delete('/inquiries/:id', ...deleteInquiryGuards, asyncHandler(mediaController.deleteInquiry));

// Export the configured router; where it is mounted is decided by the importer.
module.exports = router;