generated from nhcarrigan/template
7579f1ec97
## Summary This PR implements several improvements to the library application: - Added start and finish date tracking for media items - Added "Retired" category for abandoned media - Implemented avatar-based user menu with dropdown navigation - Added automatic background token refresh to prevent session expiry - Created centralised logging system with frontend-to-API log forwarding - Added toast notifications for error handling ## Changes ### Media Tracking (#41) - Added `dateStarted` and `dateFinished` fields to Books, Games, Manga, Music, and Shows - Updated TypeScript types, Prisma schema, and API services - Added manual date input fields to frontend forms - Properly converts HTML date strings to Date objects before API submission ### Retired Category (#43) - Added `RETIRED` status to all media type enums - Updated Prisma schema, frontend dropdowns, and filter buttons - Added status label handling for retired items ### User Menu (#46) - Replaced username text with avatar image in header - Created dropdown menu with navigation items (Users, Audit, Suggestions) - Added logout button to menu - Implemented keyboard accessibility (tabindex, role, keyup handlers) ### Token Refresh (#44) - Implemented automatic token refresh every 13 minutes in background - Added proactive refresh to prevent token expiry during form filling - Prevents users from losing form data due to expired sessions ### Centralised Logging (#1) - Created `/log` endpoint on API to receive frontend logs - Replaced API console.log calls with @nhcarrigan/logger - Created ConsoleLoggerService to intercept all console methods on frontend - Added global error handlers (window.error, unhandledrejection) on frontend - Added process error handlers (uncaughtException, unhandledRejection, SIGTERM, SIGINT) on API - All frontend console activity now forwarded to centralised logging ### Error Handling - Created ToastService and ToastComponent for displaying errors - Integrated with GlobalErrorHandler and HTTP interceptor - Added accessibility features (keyboard navigation, ARIA attributes) - Set toast opacity to 40% for optimal readability ### Testing & Build - Fixed pre-existing test failure for GET / route (now returns version info) - Added ESM module mocking (jsdom, marked, dompurify, @nhcarrigan/logger) - Configured Jest with isolatedModules to handle TypeScript errors - Excluded test-setup.ts from production build - All tests passing (123 total) - Build passing with no errors ## Test Plan - [x] All tests pass (123 tests) - [x] Build passes without errors - [x] Lint passes (only pre-existing warnings) - [x] Date fields work correctly on all media types - [x] Retired status displays and filters properly - [x] Avatar menu opens/closes correctly with keyboard and mouse - [x] Token refresh prevents session expiry - [x] Toast notifications appear for errors - [x] Frontend logs forward to API successfully - [x] Root route returns version information Closes #41 Closes #43 Closes #44 Closes #46 Closes #1 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Hikari <hikari@nhcarrigan.com> Reviewed-on: #50 Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
229 lines
6.7 KiB
TypeScript
229 lines
6.7 KiB
TypeScript
import type { FastifyInstance } from "fastify";
|
|
import { SuggestionService } from "../../services/suggestion.service";
|
|
import { AuditService } from "../../services/audit.service";
|
|
import { AuditAction, AuditCategory } from "@library/shared-types";
|
|
import type {
|
|
SuggestionStatus,
|
|
SuggestionEntity,
|
|
CreateSuggestionDto,
|
|
DeclineSuggestionDto,
|
|
AcceptWithEditsDto,
|
|
} from "@library/shared-types";
|
|
import { adminGuard } from "../../middleware/admin-guard";
|
|
import { bannedGuard } from "../../middleware/banned-guard";
|
|
|
|
export default async function (app: FastifyInstance): Promise<void> {
|
|
// Get all suggestions (admin only)
|
|
app.get<{
|
|
Querystring: { status?: SuggestionStatus; entityType?: SuggestionEntity };
|
|
}>(
|
|
"/",
|
|
{
|
|
preHandler: [app.authenticate, adminGuard],
|
|
},
|
|
async (request, reply) => {
|
|
const { status, entityType } = request.query;
|
|
|
|
const suggestions = await SuggestionService.getAllSuggestions({
|
|
status,
|
|
entityType,
|
|
});
|
|
|
|
reply.send(suggestions);
|
|
}
|
|
);
|
|
|
|
// Get current user's suggestions
|
|
app.get(
|
|
"/my",
|
|
{
|
|
preHandler: [app.authenticate],
|
|
},
|
|
async (request, reply) => {
|
|
const userId = request.user.id;
|
|
const suggestions = await SuggestionService.getUserSuggestions(userId);
|
|
reply.send(suggestions);
|
|
}
|
|
);
|
|
|
|
// Get a single suggestion by ID
|
|
app.get<{ Params: { id: string } }>(
|
|
"/:id",
|
|
{
|
|
preHandler: [app.authenticate],
|
|
},
|
|
async (request, reply) => {
|
|
const { id } = request.params;
|
|
const suggestion = await SuggestionService.getSuggestionById(id);
|
|
|
|
if (!suggestion) {
|
|
return reply.notFound("Suggestion not found");
|
|
}
|
|
|
|
// Non-admins can only view their own suggestions
|
|
if (!request.user.isAdmin && suggestion.userId !== request.user.id) {
|
|
return reply.forbidden("You can only view your own suggestions");
|
|
}
|
|
|
|
reply.send(suggestion);
|
|
}
|
|
);
|
|
|
|
// Create a new suggestion (any authenticated non-banned user)
|
|
app.post<{ Body: CreateSuggestionDto }>(
|
|
"/",
|
|
{
|
|
preHandler: [app.authenticate, bannedGuard, app.csrfProtection],
|
|
},
|
|
async (request, reply) => {
|
|
const userId = request.user.id;
|
|
|
|
try {
|
|
const suggestion = await SuggestionService.createSuggestion(
|
|
userId,
|
|
request.body
|
|
);
|
|
|
|
await AuditService.logFromRequest(request, {
|
|
action: AuditAction.entryCreate,
|
|
category: AuditCategory.content,
|
|
resourceType: "Suggestion",
|
|
resourceId: suggestion.id,
|
|
details: `Created ${suggestion.entityType} suggestion: ${suggestion.title}`,
|
|
success: true,
|
|
});
|
|
|
|
reply.send(suggestion);
|
|
} catch (error) {
|
|
return reply.badRequest(
|
|
error instanceof Error ? error.message : "Failed to create suggestion"
|
|
);
|
|
}
|
|
}
|
|
);
|
|
|
|
// Accept a suggestion (admin only)
|
|
app.put<{ Params: { id: string } }>(
|
|
"/:id/accept",
|
|
{
|
|
preHandler: [app.authenticate, adminGuard, app.csrfProtection],
|
|
},
|
|
async (request, reply) => {
|
|
const { id } = request.params;
|
|
|
|
try {
|
|
const suggestion = await SuggestionService.acceptSuggestion(id);
|
|
|
|
await AuditService.logFromRequest(request, {
|
|
action: AuditAction.entryUpdate,
|
|
category: AuditCategory.admin,
|
|
resourceType: "Suggestion",
|
|
resourceId: suggestion.id,
|
|
details: `Accepted ${suggestion.entityType} suggestion: ${suggestion.title}`,
|
|
success: true,
|
|
});
|
|
|
|
reply.send(suggestion);
|
|
} catch (error) {
|
|
return reply.badRequest(
|
|
error instanceof Error ? error.message : "Failed to accept suggestion"
|
|
);
|
|
}
|
|
}
|
|
);
|
|
|
|
// Accept a suggestion with edits (admin only)
|
|
app.put<{ Params: { id: string }; Body: AcceptWithEditsDto }>(
|
|
"/:id/accept-with-edits",
|
|
{
|
|
preHandler: [app.authenticate, adminGuard, app.csrfProtection],
|
|
},
|
|
async (request, reply) => {
|
|
const { id } = request.params;
|
|
const editedData = request.body;
|
|
|
|
try {
|
|
const suggestion = await SuggestionService.acceptSuggestionWithEdits(id, editedData);
|
|
|
|
await AuditService.logFromRequest(request, {
|
|
action: AuditAction.entryUpdate,
|
|
category: AuditCategory.admin,
|
|
resourceType: "Suggestion",
|
|
resourceId: suggestion.id,
|
|
details: `Accepted ${suggestion.entityType} suggestion with edits: ${suggestion.title}`,
|
|
success: true,
|
|
});
|
|
|
|
reply.send(suggestion);
|
|
} catch (error) {
|
|
return reply.badRequest(
|
|
error instanceof Error ? error.message : "Failed to accept suggestion with edits"
|
|
);
|
|
}
|
|
}
|
|
);
|
|
|
|
// Decline a suggestion (admin only)
|
|
app.put<{ Params: { id: string }; Body: DeclineSuggestionDto }>(
|
|
"/:id/decline",
|
|
{
|
|
preHandler: [app.authenticate, adminGuard, app.csrfProtection],
|
|
},
|
|
async (request, reply) => {
|
|
const { id } = request.params;
|
|
const { reason } = request.body;
|
|
|
|
try {
|
|
const suggestion = await SuggestionService.declineSuggestion(id, reason);
|
|
|
|
await AuditService.logFromRequest(request, {
|
|
action: AuditAction.entryUpdate,
|
|
category: AuditCategory.admin,
|
|
resourceType: "Suggestion",
|
|
resourceId: suggestion.id,
|
|
details: `Declined ${suggestion.entityType} suggestion: ${suggestion.title}${reason ? ` (Reason: ${reason})` : ""}`,
|
|
success: true,
|
|
});
|
|
|
|
reply.send(suggestion);
|
|
} catch (error) {
|
|
return reply.badRequest(
|
|
error instanceof Error ? error.message : "Failed to decline suggestion"
|
|
);
|
|
}
|
|
}
|
|
);
|
|
|
|
// Delete a suggestion (owner or admin only, only if unreviewed)
|
|
app.delete<{ Params: { id: string } }>(
|
|
"/:id",
|
|
{
|
|
preHandler: [app.authenticate, app.csrfProtection],
|
|
},
|
|
async (request, reply) => {
|
|
const { id } = request.params;
|
|
const userId = request.user.id;
|
|
const isAdmin = request.user.isAdmin;
|
|
|
|
try {
|
|
const suggestion = await SuggestionService.deleteSuggestion(id, userId, isAdmin);
|
|
|
|
await AuditService.logFromRequest(request, {
|
|
action: AuditAction.entryDelete,
|
|
category: isAdmin ? AuditCategory.admin : AuditCategory.content,
|
|
resourceType: "Suggestion",
|
|
resourceId: suggestion.id,
|
|
details: `Deleted ${suggestion.entityType} suggestion: ${suggestion.title}`,
|
|
success: true,
|
|
});
|
|
|
|
reply.send({ success: true });
|
|
} catch (error) {
|
|
return reply.badRequest(
|
|
error instanceof Error ? error.message : "Failed to delete suggestion"
|
|
);
|
|
}
|
|
}
|
|
);
|
|
}
|