Files
library/api/src/app/routes/suggestions/index.ts
T
naomi 7579f1ec97
Node.js CI / CI (push) Successful in 1m18s
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m17s
feat: multiple improvements to library functionality (#50)
## Summary

This PR implements several improvements to the library application:

- Added start and finish date tracking for media items
- Added "Retired" category for abandoned media
- Implemented avatar-based user menu with dropdown navigation
- Added automatic background token refresh to prevent session expiry
- Created centralised logging system with frontend-to-API log forwarding
- Added toast notifications for error handling

## Changes

### Media Tracking (#41)
- Added `dateStarted` and `dateFinished` fields to Books, Games, Manga, Music, and Shows
- Updated TypeScript types, Prisma schema, and API services
- Added manual date input fields to frontend forms
- Properly converts HTML date strings to Date objects before API submission

### Retired Category (#43)
- Added `RETIRED` status to all media type enums
- Updated Prisma schema, frontend dropdowns, and filter buttons
- Added status label handling for retired items

### User Menu (#46)
- Replaced username text with avatar image in header
- Created dropdown menu with navigation items (Users, Audit, Suggestions)
- Added logout button to menu
- Implemented keyboard accessibility (tabindex, role, keyup handlers)

### Token Refresh (#44)
- Implemented automatic token refresh every 13 minutes in background
- Added proactive refresh to prevent token expiry during form filling
- Prevents users from losing form data due to expired sessions

### Centralised Logging (#1)
- Created `/log` endpoint on API to receive frontend logs
- Replaced API console.log calls with @nhcarrigan/logger
- Created ConsoleLoggerService to intercept all console methods on frontend
- Added global error handlers (window.error, unhandledrejection) on frontend
- Added process error handlers (uncaughtException, unhandledRejection, SIGTERM, SIGINT) on API
- All frontend console activity now forwarded to centralised logging

### Error Handling
- Created ToastService and ToastComponent for displaying errors
- Integrated with GlobalErrorHandler and HTTP interceptor
- Added accessibility features (keyboard navigation, ARIA attributes)
- Set toast opacity to 40% for optimal readability

### Testing & Build
- Fixed pre-existing test failure for GET / route (now returns version info)
- Added ESM module mocking (jsdom, marked, dompurify, @nhcarrigan/logger)
- Configured Jest with isolatedModules to handle TypeScript errors
- Excluded test-setup.ts from production build
- All tests passing (123 total)
- Build passing with no errors

## Test Plan

- [x] All tests pass (123 tests)
- [x] Build passes without errors
- [x] Lint passes (only pre-existing warnings)
- [x] Date fields work correctly on all media types
- [x] Retired status displays and filters properly
- [x] Avatar menu opens/closes correctly with keyboard and mouse
- [x] Token refresh prevents session expiry
- [x] Toast notifications appear for errors
- [x] Frontend logs forward to API successfully
- [x] Root route returns version information

Closes #41
Closes #43
Closes #44
Closes #46
Closes #1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Hikari <hikari@nhcarrigan.com>
Reviewed-on: #50
Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
2026-02-19 16:52:43 -08:00

229 lines
6.7 KiB
TypeScript

import type { FastifyInstance } from "fastify";
import { SuggestionService } from "../../services/suggestion.service";
import { AuditService } from "../../services/audit.service";
import { AuditAction, AuditCategory } from "@library/shared-types";
import type {
SuggestionStatus,
SuggestionEntity,
CreateSuggestionDto,
DeclineSuggestionDto,
AcceptWithEditsDto,
} from "@library/shared-types";
import { adminGuard } from "../../middleware/admin-guard";
import { bannedGuard } from "../../middleware/banned-guard";
export default async function (app: FastifyInstance): Promise<void> {
// Get all suggestions (admin only)
app.get<{
Querystring: { status?: SuggestionStatus; entityType?: SuggestionEntity };
}>(
"/",
{
preHandler: [app.authenticate, adminGuard],
},
async (request, reply) => {
const { status, entityType } = request.query;
const suggestions = await SuggestionService.getAllSuggestions({
status,
entityType,
});
reply.send(suggestions);
}
);
// Get current user's suggestions
app.get(
"/my",
{
preHandler: [app.authenticate],
},
async (request, reply) => {
const userId = request.user.id;
const suggestions = await SuggestionService.getUserSuggestions(userId);
reply.send(suggestions);
}
);
// Get a single suggestion by ID
app.get<{ Params: { id: string } }>(
"/:id",
{
preHandler: [app.authenticate],
},
async (request, reply) => {
const { id } = request.params;
const suggestion = await SuggestionService.getSuggestionById(id);
if (!suggestion) {
return reply.notFound("Suggestion not found");
}
// Non-admins can only view their own suggestions
if (!request.user.isAdmin && suggestion.userId !== request.user.id) {
return reply.forbidden("You can only view your own suggestions");
}
reply.send(suggestion);
}
);
// Create a new suggestion (any authenticated non-banned user)
app.post<{ Body: CreateSuggestionDto }>(
"/",
{
preHandler: [app.authenticate, bannedGuard, app.csrfProtection],
},
async (request, reply) => {
const userId = request.user.id;
try {
const suggestion = await SuggestionService.createSuggestion(
userId,
request.body
);
await AuditService.logFromRequest(request, {
action: AuditAction.entryCreate,
category: AuditCategory.content,
resourceType: "Suggestion",
resourceId: suggestion.id,
details: `Created ${suggestion.entityType} suggestion: ${suggestion.title}`,
success: true,
});
reply.send(suggestion);
} catch (error) {
return reply.badRequest(
error instanceof Error ? error.message : "Failed to create suggestion"
);
}
}
);
// Accept a suggestion (admin only)
app.put<{ Params: { id: string } }>(
"/:id/accept",
{
preHandler: [app.authenticate, adminGuard, app.csrfProtection],
},
async (request, reply) => {
const { id } = request.params;
try {
const suggestion = await SuggestionService.acceptSuggestion(id);
await AuditService.logFromRequest(request, {
action: AuditAction.entryUpdate,
category: AuditCategory.admin,
resourceType: "Suggestion",
resourceId: suggestion.id,
details: `Accepted ${suggestion.entityType} suggestion: ${suggestion.title}`,
success: true,
});
reply.send(suggestion);
} catch (error) {
return reply.badRequest(
error instanceof Error ? error.message : "Failed to accept suggestion"
);
}
}
);
// Accept a suggestion with edits (admin only)
app.put<{ Params: { id: string }; Body: AcceptWithEditsDto }>(
"/:id/accept-with-edits",
{
preHandler: [app.authenticate, adminGuard, app.csrfProtection],
},
async (request, reply) => {
const { id } = request.params;
const editedData = request.body;
try {
const suggestion = await SuggestionService.acceptSuggestionWithEdits(id, editedData);
await AuditService.logFromRequest(request, {
action: AuditAction.entryUpdate,
category: AuditCategory.admin,
resourceType: "Suggestion",
resourceId: suggestion.id,
details: `Accepted ${suggestion.entityType} suggestion with edits: ${suggestion.title}`,
success: true,
});
reply.send(suggestion);
} catch (error) {
return reply.badRequest(
error instanceof Error ? error.message : "Failed to accept suggestion with edits"
);
}
}
);
// Decline a suggestion (admin only)
app.put<{ Params: { id: string }; Body: DeclineSuggestionDto }>(
"/:id/decline",
{
preHandler: [app.authenticate, adminGuard, app.csrfProtection],
},
async (request, reply) => {
const { id } = request.params;
const { reason } = request.body;
try {
const suggestion = await SuggestionService.declineSuggestion(id, reason);
await AuditService.logFromRequest(request, {
action: AuditAction.entryUpdate,
category: AuditCategory.admin,
resourceType: "Suggestion",
resourceId: suggestion.id,
details: `Declined ${suggestion.entityType} suggestion: ${suggestion.title}${reason ? ` (Reason: ${reason})` : ""}`,
success: true,
});
reply.send(suggestion);
} catch (error) {
return reply.badRequest(
error instanceof Error ? error.message : "Failed to decline suggestion"
);
}
}
);
// Delete a suggestion (owner or admin only, only if unreviewed)
app.delete<{ Params: { id: string } }>(
"/:id",
{
preHandler: [app.authenticate, app.csrfProtection],
},
async (request, reply) => {
const { id } = request.params;
const userId = request.user.id;
const isAdmin = request.user.isAdmin;
try {
const suggestion = await SuggestionService.deleteSuggestion(id, userId, isAdmin);
await AuditService.logFromRequest(request, {
action: AuditAction.entryDelete,
category: isAdmin ? AuditCategory.admin : AuditCategory.content,
resourceType: "Suggestion",
resourceId: suggestion.id,
details: `Deleted ${suggestion.entityType} suggestion: ${suggestion.title}`,
success: true,
});
reply.send({ success: true });
} catch (error) {
return reply.badRequest(
error instanceof Error ? error.message : "Failed to delete suggestion"
);
}
}
);
}