tractatus/src/routes/media.routes.js

/**
 * Media Inquiry Routes
 * Press/media inquiry submission and triage endpoints
 */

const express = require('express');
const router = express.Router();

const mediaController = require('../controllers/media.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
const { validateRequired, validateEmail, validateObjectId } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
const { createInputValidationMiddleware } = require('../middleware/input-validation.middleware');
const { formRateLimiter } = require('../middleware/rate-limit.middleware');
const { csrfProtection } = require('../middleware/csrf-protection.middleware');

/**
 * Public routes
 */

// Validation schema for media inquiry submission
const mediaInquirySchema = {
  'contact.name': { required: true, type: 'name', maxLength: 100 },
  'contact.email': { required: true, type: 'email', maxLength: 254 },
  'contact.outlet': { required: true, type: 'default', maxLength: 200 },
  'contact.phone': { required: false, type: 'phone', maxLength: 20 },
  'contact.role': { required: false, type: 'default', maxLength: 100 },
  'inquiry.subject': { required: true, type: 'title', maxLength: 200 },
  'inquiry.message': { required: true, type: 'description', maxLength: 5000 },
  'inquiry.deadline': { required: false, type: 'default', maxLength: 100 }
};

// POST /api/media/inquiries - Submit media inquiry (public)
router.post('/inquiries',
  formRateLimiter,  // 5 requests per minute
  csrfProtection,  // CSRF validation
  createInputValidationMiddleware(mediaInquirySchema),
  validateRequired(['contact.name', 'contact.email', 'contact.outlet', 'inquiry.subject', 'inquiry.message']),
  validateEmail('contact.email'),
  asyncHandler(mediaController.submitInquiry)
);

// GET /api/media/triage-stats - Get triage statistics (public, transparency)
router.get('/triage-stats',
  asyncHandler(mediaController.getTriageStats)
);

/**
 * Admin routes
 */

// GET /api/media/inquiries - List all inquiries (admin)
router.get('/inquiries',
  authenticateToken,
  requireRole('admin', 'moderator'),
  asyncHandler(mediaController.listInquiries)
);

// GET /api/media/inquiries/urgent - List high urgency inquiries (admin)
router.get('/inquiries/urgent',
  authenticateToken,
  requireRole('admin', 'moderator'),
  asyncHandler(mediaController.listUrgentInquiries)
);

// GET /api/media/inquiries/:id - Get inquiry by ID (admin)
router.get('/inquiries/:id',
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
  asyncHandler(mediaController.getInquiry)
);

// POST /api/media/inquiries/:id/assign - Assign inquiry to user (admin)
router.post('/inquiries/:id/assign',
  authenticateToken,
  requireRole('admin'),
  validateObjectId('id'),
  asyncHandler(mediaController.assignInquiry)
);

// POST /api/media/inquiries/:id/triage - Run AI triage (admin)
router.post('/inquiries/:id/triage',
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
  asyncHandler(mediaController.triageInquiry)
);

// POST /api/media/inquiries/:id/respond - Mark as responded (admin)
router.post('/inquiries/:id/respond',
  authenticateToken,
  requireRole('admin', 'moderator'),
  validateObjectId('id'),
  validateRequired(['content']),
  asyncHandler(mediaController.respondToInquiry)
);

// DELETE /api/media/inquiries/:id - Delete inquiry (admin)
router.delete('/inquiries/:id',
  authenticateToken,
  requireRole('admin'),
  validateObjectId('id'),
  asyncHandler(mediaController.deleteInquiry)
);

module.exports = router;