imeshuek commited on
Commit
0e3996f
Β·
verified Β·
1 Parent(s): abe028d

Upload api/routes/routes.ts

Files changed (1) hide show
  1. api/routes/routes.ts +110 -0
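--- a/api/routes/routes.ts
+++ b/api/routes/routes.ts
@@ -0,0 +1,110 @@
+// API Routes β€” Express/Fastify
+// Modular backend: separate service layers for identity, vendor, booking, contract, admin
+
+import { requirePermission, requireRole, requireContractAccess, Permission, Role } from './middleware/rbac'
+
+// ── Auth Routes ──
+// POST /api/v1/auth/register β€” Create account (bcrypt hash)
+// POST /api/v1/auth/login β€” Email + password, returns session cookie
+// POST /api/v1/auth/oidc/callback β€” OIDC callback (Cognito/Keycloak)
+// POST /api/v1/auth/oidc/google β€” Google OAuth
+// POST /api/v1/auth/oidc/apple β€” Apple OAuth
+// POST /api/v1/auth/logout β€” Revoke session
+// POST /api/v1/auth/refresh β€” Refresh session
+// POST /api/v1/auth/mfa/verify β€” MFA verification
+// POST /api/v1/auth/impersonate β€” Admin impersonation (requires IMPERSONATE_USERS, reason field, TTL)
+// POST /api/v1/auth/switch-role β€” Switch active role (if user has multiple)
+// POST /api/v1/auth/password-reset β€” Email password reset link
+// POST /api/v1/auth/verify-email β€” Email verification
+// GET /api/v1/auth/session β€” Get current session
+
+// ── Client Routes ──
+// requireRole(CLIENT) on all
+// GET /api/v1/client/profile β€” Get profile
+// PUT /api/v1/client/profile β€” Update profile
+// GET /api/v1/client/bookings β€” List bookings
+// POST /api/v1/client/bookings β€” Create booking (idempotency key required)
+// GET /api/v1/client/bookings/:id β€” Booking detail
+// PUT /api/v1/client/bookings/:id β€” Update booking
+// DELETE /api/v1/client/bookings/:id β€” Cancel booking
+// GET /api/v1/client/shortlist β€” List shortlisted vendors
+// POST /api/v1/client/shortlist/:vendorId β€” Shortlist vendor
+// DELETE /api/v1/client/shortlist/:vendorId β€” Remove from shortlist
+// GET /api/v1/client/workspaces β€” List workspaces
+// POST /api/v1/client/workspaces β€” Create workspace
+// PUT /api/v1/client/workspaces/:id β€” Update workspace
+// GET /api/v1/client/notifications β€” List notifications
+// PUT /api/v1/client/notifications/:id/read β€” Mark as read
+
+// ── Vendor Routes ──
+// requireRole(VENDOR) on protected routes
+// POST /api/v1/vendors/onboard β€” Vendor onboarding (KYC submission)
+// GET /api/v1/vendors/:id β€” Public vendor profile
+// PUT /api/v1/vendors/profile β€” Update own profile (requires MANAGE_PROFILE)
+// POST /api/v1/vendors/packages β€” Create package
+// PUT /api/v1/vendors/packages/:id β€” Update package
+// DELETE /api/v1/vendors/packages/:id β€” Delete package
+// GET /api/v1/vendors/leads β€” List leads (requires VIEW_LEADS)
+// PUT /api/v1/vendors/leads/:id β€” Update lead status
+// GET /api/v1/vendors/analytics β€” KPI dashboard
+// GET /api/v1/vendors/availability β€” List availability
+// POST /api/v1/vendors/availability β€” Set availability
+// DELETE /api/v1/vendors/availability/:id β€” Remove availability
+
+// ── Contract Routes ──
+// Each route has contract-scoped access control
+// POST /api/v1/contracts β€” Create contract (vendor only, CREATE_CONTRACT)
+// GET /api/v1/contracts β€” List contracts (scoped to user)
+// GET /api/v1/contracts/:id β€” Get contract (requireContractAccess)
+// PUT /api/v1/contracts/:id β€” Update contract (vendor owner only)
+// POST /api/v1/contracts/:id/send β€” Send to client (vendor, SEND_CONTRACT)
+// POST /api/v1/contracts/:id/sign β€” Client e-sign (client signer only, SIGN_CONTRACT)
+// POST /api/v1/contracts/:id/decline β€” Client decline
+// POST /api/v1/contracts/:id/amend β€” Request amendment (client: REQUEST_AMENDMENT)
+// POST /api/v1/contracts/:id/amend/:versionId/accept β€” Vendor accepts amendment
+// GET /api/v1/contracts/:id/audit β€” Get audit trail
+// GET /api/v1/contracts/:id/versions β€” List all versions
+// GET /api/v1/contracts/:id/versions/:versionId β€” Get specific version snapshot
+// POST /api/v1/contracts/:id/dispute β€” Client disputes contract
+// POST /api/v1/contracts/:id/resolve β€” Admin resolves dispute (MEDIATE_DISPUTES)
+// GET /api/v1/contracts/:id/export/pdf β€” Export signed contract as PDF
+// GET /api/v1/contracts/:id/export/audit/pdf β€” Export audit trail as PDF
+// GET /api/v1/contracts/:id/export/audit/csv β€” Export audit trail as CSV
+// POST /api/v1/contracts/:id/deliverables β€” Add deliverable
+// PUT /api/v1/contracts/:id/deliverables/:did β€” Update deliverable
+// PUT /api/v1/contracts/:id/deliverables/:did/complete β€” Mark deliverable complete
+
+// ── Admin Routes ──
+// requireRole(ADMIN) with specific permissions
+// GET /api/v1/admin/dashboard β€” Operations dashboard
+// GET /api/v1/admin/moderation β€” Moderation queue
+// POST /api/v1/admin/moderation/:id/approve β€” Approve item
+// POST /api/v1/admin/moderation/:id/reject β€” Reject item
+// GET /api/v1/admin/vendors β€” All vendors (require MODERATE_VENDORS)
+// PUT /api/v1/admin/vendors/:id/verify β€” Verify vendor
+// GET /api/v1/admin/categories β€” List categories
+// POST /api/v1/admin/categories β€” Create category (require MANAGE_CATEGORIES)
+// PUT /api/v1/admin/categories/:id β€” Update category
+// GET /api/v1/admin/contracts β€” All contracts (require OVERSEE_CONTRACTS)
+// POST /api/v1/admin/contracts/:id/mediate β€” Mediate contract
+// GET /api/v1/admin/users β€” List users (require MANAGE_USERS)
+// POST /api/v1/admin/users/:id/impersonate β€” Impersonate (require IMPERSONATE_USERS)
+// GET /api/v1/admin/audit-logs β€” View admin audit logs
+// POST /api/v1/admin/schema/publish β€” Publish schema/config changes (require MANAGE_CATEGORIES)
+// GET /api/v1/admin/schema/diff β€” View schema diff before publish
+// PUT /api/v1/admin/templates/:id/approve β€” Approve contract template
+// PUT /api/v1/admin/templates/:id/reject β€” Reject contract template
+
+// ── Search Routes (public) ──
+// GET /api/v1/search β€” Faceted vendor search
+// Query params: q, category, district, priceMin, priceMax, rating, sort, page, limit
+
+// ── Payment Routes ──
+// POST /api/v1/payments/create-checkout β€” Create Stripe checkout session
+// POST /api/v1/payments/webhook β€” Stripe webhook (HMAC verified)
+// GET /api/v1/payments/history β€” Payment history
+
+// ── Notification Routes ──
+// GET /api/v1/notifications β€” List notifications (scoped to user)
+// PUT /api/v1/notifications/:id/read β€” Mark as read
+// POST /api/v1/notifications/send β€” Admin: send notification (require MANAGE_USERS)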
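Review bot: Nothing in this file registers a handler, so the guards the comments promise (`requireRole(CLIENT) on all`, `requireContractAccess`, the per-route permissions) are enforced nowhere here, and the `./middleware/rbac` import on line 4 is unused. Until the routes are wired, I would say so at the top, e.g. `// NOTE: route inventory only; no handler or guard is registered in this file`, so the list is not read as evidence that access control exists. Several state-changing entries name no permission of their own (`/admin/moderation/:id/approve`, `/admin/vendors/:id/verify`, `/admin/templates/:id/approve`, `/contracts/:id/deliverables`), and `/admin/audit-logs` and the payment routes other than the webhook name no guard at all; each line should carry its guard explicitly rather than lean on the section header. Impersonation is listed twice (`/auth/impersonate` and `/admin/users/:id/impersonate`) and only the first mentions the reason field and TTL, so either keep one endpoint or repeat those constraints on both.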