139 lines
5.2 KiB
JavaScript
139 lines
5.2 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const { body, param, validationResult } = require('express-validator');
|
|
const representativesController = require('../controllers/representatives');
|
|
const emailsController = require('../controllers/emails');
|
|
const campaignsController = require('../controllers/campaigns');
|
|
const rateLimiter = require('../utils/rate-limiter');
|
|
const { requireAdmin } = require('../middleware/auth');
|
|
|
|
// Validation middleware
|
|
const handleValidationErrors = (req, res, next) => {
|
|
const errors = validationResult(req);
|
|
if (!errors.isEmpty()) {
|
|
return res.status(400).json({ errors: errors.array() });
|
|
}
|
|
next();
|
|
};
|
|
|
|
// Test endpoints
|
|
router.get('/health', (req, res) => {
|
|
res.json({ status: 'ok', timestamp: new Date().toISOString() });
|
|
});
|
|
|
|
router.get('/test-represent', representativesController.testConnection);
|
|
router.get('/test-smtp', requireAdmin, emailsController.testSMTPConnection);
|
|
|
|
// Representatives endpoints
|
|
router.get(
|
|
'/representatives/by-postal/:postalCode',
|
|
param('postalCode').matches(/^[A-Za-z]\d[A-Za-z]\s?\d[A-Za-z]\d$/).withMessage('Invalid postal code format'),
|
|
handleValidationErrors,
|
|
rateLimiter.general,
|
|
representativesController.getByPostalCode
|
|
);
|
|
|
|
router.post(
|
|
'/representatives/refresh-postal/:postalCode',
|
|
param('postalCode').matches(/^[A-Za-z]\d[A-Za-z]\s?\d[A-Za-z]\d$/).withMessage('Invalid postal code format'),
|
|
handleValidationErrors,
|
|
representativesController.refreshPostalCode
|
|
);
|
|
|
|
// Email endpoints
|
|
router.post(
|
|
'/emails/preview',
|
|
rateLimiter.general,
|
|
[
|
|
body('recipientEmail').isEmail().withMessage('Valid recipient email is required'),
|
|
body('senderName').notEmpty().withMessage('Sender name is required'),
|
|
body('senderEmail').isEmail().withMessage('Valid sender email is required'),
|
|
body('subject').notEmpty().withMessage('Subject is required'),
|
|
body('message').notEmpty().withMessage('Message is required'),
|
|
body('postalCode').matches(/^[A-Za-z]\d[A-Za-z]\s?\d[A-Za-z]\d$/).withMessage('Invalid postal code format')
|
|
],
|
|
handleValidationErrors,
|
|
emailsController.previewEmail
|
|
);
|
|
|
|
router.post(
|
|
'/emails/send',
|
|
rateLimiter.email, // General hourly rate limit
|
|
rateLimiter.perRecipientEmailLimiter, // Per-recipient 5-minute rate limit
|
|
[
|
|
body('recipientEmail').isEmail().withMessage('Valid email is required'),
|
|
body('senderName').notEmpty().withMessage('Sender name is required'),
|
|
body('senderEmail').isEmail().withMessage('Valid sender email is required'),
|
|
body('subject').notEmpty().withMessage('Subject is required'),
|
|
body('message').notEmpty().withMessage('Message is required'),
|
|
body('postalCode').matches(/^[A-Za-z]\d[A-Za-z]\s?\d[A-Za-z]\d$/).withMessage('Invalid postal code format')
|
|
],
|
|
handleValidationErrors,
|
|
emailsController.sendEmail
|
|
);
|
|
|
|
// Email testing endpoints
|
|
router.post(
|
|
'/emails/test',
|
|
requireAdmin,
|
|
rateLimiter.general,
|
|
[
|
|
body('subject').notEmpty().withMessage('Subject is required'),
|
|
body('message').notEmpty().withMessage('Message is required')
|
|
],
|
|
handleValidationErrors,
|
|
emailsController.sendTestEmail
|
|
);
|
|
|
|
router.get(
|
|
'/emails/logs',
|
|
requireAdmin,
|
|
rateLimiter.general,
|
|
emailsController.getEmailLogs
|
|
);
|
|
|
|
// Campaign endpoints (Admin) - Protected
|
|
router.get('/admin/campaigns', requireAdmin, rateLimiter.general, campaignsController.getAllCampaigns);
|
|
router.get('/admin/campaigns/:id', requireAdmin, rateLimiter.general, campaignsController.getCampaignById);
|
|
router.post(
|
|
'/admin/campaigns',
|
|
requireAdmin,
|
|
rateLimiter.general,
|
|
[
|
|
body('title').notEmpty().withMessage('Campaign title is required'),
|
|
body('email_subject').notEmpty().withMessage('Email subject is required'),
|
|
body('email_body').notEmpty().withMessage('Email body is required')
|
|
],
|
|
handleValidationErrors,
|
|
campaignsController.createCampaign
|
|
);
|
|
router.put('/admin/campaigns/:id', requireAdmin, rateLimiter.general, campaignsController.updateCampaign);
|
|
router.delete('/admin/campaigns/:id', requireAdmin, rateLimiter.general, campaignsController.deleteCampaign);
|
|
router.get('/admin/campaigns/:id/analytics', requireAdmin, rateLimiter.general, campaignsController.getCampaignAnalytics);
|
|
|
|
// Campaign endpoints (Public)
|
|
router.get('/campaigns/:slug', rateLimiter.general, campaignsController.getCampaignBySlug);
|
|
router.get('/campaigns/:slug/representatives/:postalCode', rateLimiter.representAPI, campaignsController.getRepresentativesForCampaign);
|
|
router.post(
|
|
'/campaigns/:slug/track-user',
|
|
rateLimiter.general,
|
|
[
|
|
body('postalCode').matches(/^[A-Za-z]\d[A-Za-z]\s?\d[A-Za-z]\d$/).withMessage('Invalid postal code format')
|
|
],
|
|
handleValidationErrors,
|
|
campaignsController.trackUserInfo
|
|
);
|
|
router.post(
|
|
'/campaigns/:slug/send-email',
|
|
rateLimiter.email, // General hourly rate limit
|
|
rateLimiter.perRecipientEmailLimiter, // Per-recipient 5-minute rate limit
|
|
[
|
|
body('recipientEmail').isEmail().withMessage('Valid recipient email is required'),
|
|
body('postalCode').matches(/^[A-Za-z]\d[A-Za-z]\s?\d[A-Za-z]\d$/).withMessage('Invalid postal code format'),
|
|
body('emailMethod').isIn(['smtp', 'mailto']).withMessage('Email method must be smtp or mailto')
|
|
],
|
|
handleValidationErrors,
|
|
campaignsController.sendCampaignEmail
|
|
);
|
|
|
|
module.exports = router; |