archetecture security fix
This commit is contained in:
@@ -0,0 +1,247 @@
|
||||
"use strict";
|
||||
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
var desc = Object.getOwnPropertyDescriptor(m, k);
|
||||
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
||||
desc = { enumerable: true, get: function() { return m[k]; } };
|
||||
}
|
||||
Object.defineProperty(o, k2, desc);
|
||||
}) : (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
o[k2] = m[k];
|
||||
}));
|
||||
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||
}) : function(o, v) {
|
||||
o["default"] = v;
|
||||
});
|
||||
var __importStar = (this && this.__importStar) || (function () {
|
||||
var ownKeys = function(o) {
|
||||
ownKeys = Object.getOwnPropertyNames || function (o) {
|
||||
var ar = [];
|
||||
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
||||
return ar;
|
||||
};
|
||||
return ownKeys(o);
|
||||
};
|
||||
return function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
||||
__setModuleDefault(result, mod);
|
||||
return result;
|
||||
};
|
||||
})();
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const express_1 = require("express");
|
||||
const zod_1 = require("zod");
|
||||
const requireCompanyAuth_1 = require("../../middleware/requireCompanyAuth");
|
||||
const requireTenant_1 = require("../../middleware/requireTenant");
|
||||
const requireSubscription_1 = require("../../middleware/requireSubscription");
|
||||
const validate_1 = require("../../http/validate");
|
||||
const respond_1 = require("../../http/respond");
|
||||
const upload_1 = require("../../http/upload");
|
||||
const service = __importStar(require("./reservation.service"));
|
||||
const lifecycle = __importStar(require("./reservation.lifecycle.service"));
|
||||
const inspectionService = __importStar(require("./reservation.inspection.service"));
|
||||
const additionalDriverService = __importStar(require("./reservation.additional-driver.service"));
|
||||
const photoService = __importStar(require("./reservation.photo.service"));
|
||||
const reservation_document_service_1 = require("./reservation.document.service");
|
||||
const reservation_schemas_1 = require("./reservation.schemas");
|
||||
const photoTypeSchema = zod_1.z.enum(['PICKUP', 'DROPOFF']);
|
||||
const photoParamSchema = zod_1.z.object({ id: zod_1.z.string(), photoId: zod_1.z.string() });
|
||||
const router = (0, express_1.Router)();
|
||||
router.use(requireCompanyAuth_1.requireCompanyAuth, requireTenant_1.requireTenant, requireSubscription_1.requireSubscription);
|
||||
router.get('/', async (req, res, next) => {
|
||||
try {
|
||||
const query = (0, validate_1.parseQuery)(reservation_schemas_1.listQuerySchema, req);
|
||||
const result = await service.listReservations(req.companyId, query);
|
||||
res.json(result);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/', async (req, res, next) => {
|
||||
try {
|
||||
const body = (0, validate_1.parseBody)(reservation_schemas_1.createSchema, req);
|
||||
const reservation = await service.createReservation(req.companyId, body);
|
||||
(0, respond_1.created)(res, reservation);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/:id', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const reservation = await service.getReservation(id, req.companyId);
|
||||
(0, respond_1.ok)(res, reservation);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/:id', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const body = (0, validate_1.parseBody)(reservation_schemas_1.updateSchema, req);
|
||||
const reservation = await service.updateReservation(id, req.companyId, body);
|
||||
(0, respond_1.ok)(res, reservation);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/:id/contract', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const contract = await (0, reservation_document_service_1.getContract)(id, req.companyId);
|
||||
(0, respond_1.ok)(res, contract);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/:id/billing', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const billing = await (0, reservation_document_service_1.getBilling)(id, req.companyId);
|
||||
(0, respond_1.ok)(res, billing);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/:id/confirm', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const updated = await lifecycle.confirmReservation(id, req.companyId);
|
||||
(0, respond_1.ok)(res, updated);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/:id/checkin', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const { mileage } = (0, validate_1.parseBody)(reservation_schemas_1.checkinSchema, req);
|
||||
const updated = await lifecycle.checkinReservation(id, req.companyId, mileage);
|
||||
(0, respond_1.ok)(res, updated);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/:id/checkout', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const { mileage } = (0, validate_1.parseBody)(reservation_schemas_1.checkoutSchema, req);
|
||||
const updated = await lifecycle.checkoutReservation(id, req.companyId, mileage);
|
||||
(0, respond_1.ok)(res, updated);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/:id/close', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const closedBy = `${req.employee.firstName} ${req.employee.lastName}`;
|
||||
const reservation = await lifecycle.closeReservation(id, req.companyId, closedBy);
|
||||
(0, respond_1.ok)(res, reservation);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/:id/extend', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const { newEndDate, reason } = (0, validate_1.parseBody)(reservation_schemas_1.extendSchema, req);
|
||||
(0, respond_1.ok)(res, await lifecycle.extendReservation(id, req.companyId, new Date(newEndDate), reason));
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/:id/cancel', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const { reason } = (0, validate_1.parseBody)(reservation_schemas_1.cancelSchema, req);
|
||||
const updated = await lifecycle.cancelReservation(id, req.companyId, reason);
|
||||
(0, respond_1.ok)(res, updated);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/:id/inspections', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
const inspections = await inspectionService.getInspections(id, req.companyId);
|
||||
(0, respond_1.ok)(res, inspections);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.put('/:id/inspections/:type', async (req, res, next) => {
|
||||
try {
|
||||
const { id, type: rawType } = (0, validate_1.parseParams)(reservation_schemas_1.inspectionParamSchema, req);
|
||||
const type = reservation_schemas_1.inspectionTypeParam.parse(rawType.toUpperCase());
|
||||
const body = (0, validate_1.parseBody)(reservation_schemas_1.inspectionSchema, req);
|
||||
const inspectedBy = `${req.employee.firstName} ${req.employee.lastName}`;
|
||||
const result = await inspectionService.upsertInspection(id, req.companyId, type, body, inspectedBy);
|
||||
(0, respond_1.ok)(res, result);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.patch('/:id/additional-drivers/:driverId/approval', async (req, res, next) => {
|
||||
try {
|
||||
const { id, driverId } = (0, validate_1.parseParams)(reservation_schemas_1.driverParamSchema, req);
|
||||
const { approved, note } = (0, validate_1.parseBody)(reservation_schemas_1.approvalSchema, req);
|
||||
const approvedBy = `${req.employee.firstName} ${req.employee.lastName}`;
|
||||
const updated = await additionalDriverService.approveAdditionalDriver(id, driverId, req.companyId, approved, note, approvedBy);
|
||||
(0, respond_1.ok)(res, updated);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.get('/:id/photos', async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
(0, respond_1.ok)(res, await photoService.listPhotos(id, req.companyId));
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.post('/:id/photos', upload_1.imageUpload.single('photo'), async (req, res, next) => {
|
||||
try {
|
||||
const { id } = (0, validate_1.parseParams)(reservation_schemas_1.idParamSchema, req);
|
||||
(0, upload_1.assertImageFile)(req.file, 'photo');
|
||||
const type = photoTypeSchema.parse(req.body.type);
|
||||
const photo = await photoService.uploadPhoto(id, req.companyId, type, req.file.buffer);
|
||||
(0, respond_1.created)(res, photo);
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
router.delete('/:id/photos/:photoId', async (req, res, next) => {
|
||||
try {
|
||||
const { id, photoId } = (0, validate_1.parseParams)(photoParamSchema, req);
|
||||
await photoService.deletePhoto(photoId, id, req.companyId);
|
||||
(0, respond_1.ok)(res, { deleted: true });
|
||||
}
|
||||
catch (err) {
|
||||
next(err);
|
||||
}
|
||||
});
|
||||
exports.default = router;
|
||||
//# sourceMappingURL=reservation.routes.js.map
|
||||
Reference in New Issue
Block a user