/** * @copyright 2026 NHCarrigan * @license Naomi's Public License * @author Naomi Carrigan */ import { FastifyPluginAsync } from "fastify"; import { Book, CreateBookDto, UpdateBookDto, Comment, CreateCommentDto, AuditAction, AuditCategory, AchievementCategory } from "@library/shared-types"; import { BookService } from "../../services/book.service"; import { CommentService } from "../../services/comment.service"; import { AuditService } from "../../services/audit.service"; import { AchievementService } from "../../services/achievement.service"; import { adminGuard } from "../../middleware/admin-guard"; import { bannedGuard } from "../../middleware/banned-guard"; const booksRoutes: FastifyPluginAsync = async (app) => { const bookService = new BookService(); const commentService = new CommentService(); /** * Get all books (public route). */ app.get<{ Reply: Book[] }>("/", async () => { return bookService.getAllBooks(); }); /** * Get all books in a series (public route). */ app.get<{ Params: { seriesName: string }; Reply: Book[] }>( "/series/:seriesName", async (request) => { const { seriesName } = request.params; return bookService.getBooksBySeries(seriesName); } ); /** * Get single book by ID (public route). */ app.get<{ Params: { id: string }; Reply: Book | null }>( "/:id", async (request) => { const { id } = request.params; return bookService.getBookById(id); } ); /** * Create new book (admin only). */ app.post<{ Body: CreateBookDto; Reply: Book }>( "/", { preValidation: [app.authenticate, adminGuard], preHandler: [app.csrfProtection], }, async (request) => { const book = await bookService.createBook(request.body); await AuditService.logFromRequest(request, { action: AuditAction.entryCreate, category: AuditCategory.content, resourceType: "book", resourceId: book.id, details: `Created book: ${book.title}`, }); return book; } ); /** * Update book by ID (admin only). */ app.put<{ Params: { id: string }; Body: UpdateBookDto; Reply: Book | null; }>( "/:id", { preValidation: [app.authenticate, adminGuard], preHandler: [app.csrfProtection], }, async (request) => { const { id } = request.params; const book = await bookService.updateBook(id, request.body); if (book) { await AuditService.logFromRequest(request, { action: AuditAction.entryUpdate, category: AuditCategory.content, resourceType: "book", resourceId: id, details: `Updated book: ${book.title}`, }); } return book; } ); /** * Delete book by ID (admin only). */ app.delete<{ Params: { id: string }; Reply: { success: boolean } }>( "/:id", { preValidation: [app.authenticate, adminGuard], preHandler: [app.csrfProtection], }, async (request) => { const { id } = request.params; await bookService.deleteBook(id); await AuditService.logFromRequest(request, { action: AuditAction.entryDelete, category: AuditCategory.content, resourceType: "book", resourceId: id, details: `Deleted book with ID: ${id}`, }); return { success: true }; } ); /** * Get comments for a book (public route). */ app.get<{ Params: { id: string }; Reply: Comment[] }>( "/:id/comments", async (request) => { const { id } = request.params; return commentService.getCommentsForBook(id); } ); /** * Add comment to a book (authenticated users). */ app.post<{ Params: { id: string }; Body: CreateCommentDto; Reply: Comment }>( "/:id/comments", { preValidation: [app.authenticate, bannedGuard], preHandler: [app.csrfProtection], }, async (request) => { const { id } = request.params; const userId = request.user.id; const comment = await commentService.createCommentForBook(id, userId, request.body); await AuditService.logFromRequest(request, { action: AuditAction.commentCreate, category: AuditCategory.content, resourceType: "book", resourceId: id, details: `Added comment to book`, }); // Check for comment achievements const achievementService = new AchievementService(); await achievementService.checkAchievements( userId, AchievementCategory.Comment, request ); return comment; } ); /** * Update comment (owner or admin). */ app.put<{ Params: { id: string; commentId: string }; Body: CreateCommentDto; Reply: Comment | { error: string } }>( "/:id/comments/:commentId", { preValidation: [app.authenticate], preHandler: [app.csrfProtection], }, async (request, reply) => { const { id, commentId } = request.params; const userId = request.user.id; const isAdmin = request.user.isAdmin; const verification = await commentService.verifyCommentOwnership(commentId, "book", id); if (!verification.exists) { return reply.code(404).send({ error: "Comment not found" }); } if (verification.comment?.userId !== userId && !isAdmin) { return reply.code(403).send({ error: "You can only edit your own comments" }); } const comment = await commentService.updateComment(commentId, request.body.content); await AuditService.logFromRequest(request, { action: AuditAction.commentUpdate, category: AuditCategory.content, resourceType: "book", resourceId: id, details: `Updated comment ${commentId} on book`, }); return comment; } ); /** * Delete comment (owner or admin). */ app.delete<{ Params: { id: string; commentId: string }; Reply: { success: boolean } | { error: string } }>( "/:id/comments/:commentId", { preValidation: [app.authenticate], preHandler: [app.csrfProtection], }, async (request, reply) => { const { id, commentId } = request.params; const userId = request.user.id; const isAdmin = request.user.isAdmin; const verification = await commentService.verifyCommentOwnership(commentId, "book", id); if (!verification.exists) { return reply.code(404).send({ error: "Comment not found" }); } if (verification.comment?.userId !== userId && !isAdmin) { return reply.code(403).send({ error: "You can only delete your own comments" }); } await commentService.deleteComment(commentId); await AuditService.logFromRequest(request, { action: AuditAction.commentDelete, category: isAdmin && verification.comment?.userId !== userId ? AuditCategory.admin : AuditCategory.content, resourceType: "book", resourceId: id, details: `Deleted comment ${commentId} from book`, }); return { success: true }; } ); }; export default booksRoutes;