feat: add suggestion feature

api/src/app/routes/suggestions/index.ts

@@ -0,0 +1,173 @@
+import type { FastifyInstance } from "fastify";
+import { SuggestionService } from "../../services/suggestion.service";
+import { AuditService } from "../../services/audit.service";
+import { AuditAction, AuditCategory } from "@library/shared-types";
+import type {
+  SuggestionStatus,
+  SuggestionEntity,
+  CreateSuggestionDto,
+  DeclineSuggestionDto,
+} from "@library/shared-types";
+import { adminGuard } from "../../middleware/admin-guard";
+import { bannedGuard } from "../../middleware/banned-guard";
+
+export default async function (app: FastifyInstance): Promise<void> {
+  // Get all suggestions (admin only)
+  app.get<{
+    Querystring: { status?: SuggestionStatus; entityType?: SuggestionEntity };
+  }>(
+    "/",
+    {
+      preHandler: [app.authenticate, adminGuard],
+    },
+    async (request, reply) => {
+      const { status, entityType } = request.query;
+
+      const suggestions = await SuggestionService.getAllSuggestions({
+        status,
+        entityType,
+      });
+
+      reply.send(suggestions);
+    }
+  );
+
+  // Get current user's suggestions
+  app.get(
+    "/my",
+    {
+      preHandler: [app.authenticate],
+    },
+    async (request, reply) => {
+      const userId = request.user.id;
+      const suggestions = await SuggestionService.getUserSuggestions(userId);
+      reply.send(suggestions);
+    }
+  );
+
+  // Get a single suggestion by ID
+  app.get<{ Params: { id: string } }>(
+    "/:id",
+    {
+      preHandler: [app.authenticate],
+    },
+    async (request, reply) => {
+      const { id } = request.params;
+      const suggestion = await SuggestionService.getSuggestionById(id);
+
+      if (!suggestion) {
+        return reply.notFound("Suggestion not found");
+      }
+
+      // Non-admins can only view their own suggestions
+      if (!request.user.isAdmin && suggestion.userId !== request.user.id) {
+        return reply.forbidden("You can only view your own suggestions");
+      }
+
+      reply.send(suggestion);
+    }
+  );
+
+  // Create a new suggestion (any authenticated non-banned user)
+  app.post<{ Body: CreateSuggestionDto }>(
+    "/",
+    {
+      preHandler: [app.authenticate, bannedGuard, app.csrfProtection],
+    },
+    async (request, reply) => {
+      const userId = request.user.id;
+
+      try {
+        const suggestion = await SuggestionService.createSuggestion(
+          userId,
+          request.body
+        );
+
+        await AuditService.log(
+          {
+            action: AuditAction.ENTRY_CREATE,
+            category: AuditCategory.CONTENT,
+            resourceType: "Suggestion",
+            resourceId: suggestion.id,
+            details: `Created ${suggestion.entityType} suggestion: ${suggestion.title}`,
+            success: true,
+          },
+          request
+        );
+
+        reply.send(suggestion);
+      } catch (error) {
+        return reply.badRequest(
+          error instanceof Error ? error.message : "Failed to create suggestion"
+        );
+      }
+    }
+  );
+
+  // Accept a suggestion (admin only)
+  app.put<{ Params: { id: string } }>(
+    "/:id/accept",
+    {
+      preHandler: [app.authenticate, adminGuard, app.csrfProtection],
+    },
+    async (request, reply) => {
+      const { id } = request.params;
+
+      try {
+        const suggestion = await SuggestionService.acceptSuggestion(id);
+
+        await AuditService.log(
+          {
+            action: AuditAction.ENTRY_UPDATE,
+            category: AuditCategory.ADMIN,
+            resourceType: "Suggestion",
+            resourceId: suggestion.id,
+            details: `Accepted ${suggestion.entityType} suggestion: ${suggestion.title}`,
+            success: true,
+          },
+          request
+        );
+
+        reply.send(suggestion);
+      } catch (error) {
+        return reply.badRequest(
+          error instanceof Error ? error.message : "Failed to accept suggestion"
+        );
+      }
+    }
+  );
+
+  // Decline a suggestion (admin only)
+  app.put<{ Params: { id: string }; Body: DeclineSuggestionDto }>(
+    "/:id/decline",
+    {
+      preHandler: [app.authenticate, adminGuard, app.csrfProtection],
+    },
+    async (request, reply) => {
+      const { id } = request.params;
+      const { reason } = request.body;
+
+      try {
+        const suggestion = await SuggestionService.declineSuggestion(id, reason);
+
+        await AuditService.log(
+          {
+            action: AuditAction.ENTRY_UPDATE,
+            category: AuditCategory.ADMIN,
+            resourceType: "Suggestion",
+            resourceId: suggestion.id,
+            details: `Declined ${suggestion.entityType} suggestion: ${suggestion.title}${reason ? ` (Reason: ${reason})` : ""}`,
+            success: true,
+          },
+          request
+        );
+
+        reply.send(suggestion);
+      } catch (error) {
+        return reply.badRequest(
+          error instanceof Error ? error.message : "Failed to decline suggestion"
+        );
+      }
+    }
+  );
+}