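/**
 * @copyright 2026 NHCarrigan
 * @license Naomi's Public License
 * @author Naomi Carrigan
 */
import { FastifyPluginAsync } from "fastify";
import { Comment, AuditAction, AuditCategory } from "@library/shared-types";
import { CommentService } from "../../services/comment.service";
import { AuditService } from "../../services/audit.service";
import { adminGuard } from "../../middleware/admin-guard";

/** JSON body accepted by the admin "update comment" route. */
interface UpdateCommentBody {
  content: string;
}

/**
 * Runtime check that a request body really has the shape the route's
 * `Body` generic claims. The generic is erased at compile time, so without
 * this check a missing body or a non-string `content` reaches the service.
 *
 * @param body - The raw, untrusted request body.
 * @returns `true` when `body` is an object carrying a string `content`.
 */
function isUpdateCommentBody(body: unknown): body is UpdateCommentBody {
  return (
    typeof body === "object" &&
    body !== null &&
    typeof (body as { content?: unknown }).content === "string"
  );
}

/**
 * Fastify plugin registering the admin comment-moderation routes
 * (`PUT /:id` and `DELETE /:id`, relative to wherever the plugin is mounted).
 *
 * Both routes declare the same hooks: `app.authenticate` and `adminGuard`
 * in `preValidation`, then `app.csrfProtection` in `preHandler`. Those hooks
 * are defined outside this file; they are assumed to reject unauthenticated,
 * non-admin, and CSRF-token-less requests before the handler runs
 * (NOTE(review): confirm against their implementations).
 */
const commentsRoutes: FastifyPluginAsync = async (app) => {
  const commentService = new CommentService();

  // Admin: Update any comment by ID
  app.put<{
    Params: { id: string };
    Body: UpdateCommentBody;
    Reply: Comment | { error: string };
  }>(
    "/:id",
    {
      preValidation: [app.authenticate, adminGuard],
      preHandler: [app.csrfProtection],
    },
    async (request, reply) => {
      const { id } = request.params;

      // No JSON schema is attached to this route, so the body is validated
      // by hand. Destructuring an absent body would otherwise throw and
      // surface as a 500, and a non-string `content` would be passed to the
      // service unchecked.
      const body: unknown = request.body;
      if (!isUpdateCommentBody(body)) {
        return reply
          .code(400)
          .send({ error: "Request body must include a string \"content\" field" });
      }
      const { content } = body;

      const existingComment = await commentService.getCommentById(id);
      if (!existingComment) {
        return reply.code(404).send({ error: "Comment not found" });
      }

      // NOTE(review): `content` is forwarded as provided. Confirm that
      // CommentService.updateComment (or the rendering layer) enforces
      // length limits and escapes/sanitises it before display.
      const comment = await commentService.updateComment(id, content);

      // The audit entry is written after the mutation. Because it is
      // awaited, a failure here rejects the request even though the comment
      // has already been changed.
      await AuditService.logFromRequest(request, {
        action: AuditAction.commentUpdate,
        category: AuditCategory.admin,
        details: `Admin updated comment ${id}`,
      });

      return comment;
    }
  );

  // Admin: Delete any comment by ID
  app.delete<{
    Params: { id: string };
    Reply: { success: boolean } | { error: string };
  }>(
    "/:id",
    {
      preValidation: [app.authenticate, adminGuard],
      preHandler: [app.csrfProtection],
    },
    async (request, reply) => {
      const { id } = request.params;

      const existingComment = await commentService.getCommentById(id);
      if (!existingComment) {
        return reply.code(404).send({ error: "Comment not found" });
      }

      await commentService.deleteComment(id);

      // As with the update route, the audit entry is written after the
      // deletion, and a logging failure rejects the request.
      await AuditService.logFromRequest(request, {
        action: AuditAction.commentDelete,
        category: AuditCategory.admin,
        details: `Admin deleted comment ${id}`,
      });

      return { success: true };
    }
  );
};

export default commentsRoutes;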