mirror of
https://github.com/donpat1to/Schichtenplaner.git
synced 2025-12-01 06:55:45 +01:00
added express payload validation
This commit is contained in:
@@ -8,12 +8,13 @@ import {
|
||||
validateToken
|
||||
} from '../controllers/authController.js';
|
||||
import { authMiddleware } from '../middleware/auth.js';
|
||||
import { validateLogin, validateRegister, handleValidationErrors } from '../middleware/validation.js';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
// Public routes
|
||||
router.post('/login', login);
|
||||
router.post('/register', register);
|
||||
router.post('/login', validateLogin, handleValidationErrors, login);
|
||||
router.post('/register', validateRegister, handleValidationErrors, register);
|
||||
router.get('/validate', validateToken);
|
||||
|
||||
// Protected routes (require authentication)
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
// backend/src/routes/employees.ts
|
||||
import express from 'express';
|
||||
import { authMiddleware, requireRole } from '../middleware/auth.js';
|
||||
import {
|
||||
@@ -12,6 +11,16 @@ import {
|
||||
changePassword,
|
||||
updateLastLogin
|
||||
} from '../controllers/employeeController.js';
|
||||
import {
|
||||
handleValidationErrors,
|
||||
validateEmployee,
|
||||
validateEmployeeUpdate,
|
||||
validateChangePassword,
|
||||
validateId,
|
||||
validateEmployeeId,
|
||||
validateAvailabilities,
|
||||
validatePagination
|
||||
} from '../middleware/validation.js';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
@@ -19,16 +28,18 @@ const router = express.Router();
|
||||
router.use(authMiddleware);
|
||||
|
||||
// Employee CRUD Routes
|
||||
router.get('/', authMiddleware, getEmployees);
|
||||
router.get('/:id', requireRole(['admin', 'maintenance']), getEmployee);
|
||||
router.post('/', requireRole(['admin']), createEmployee);
|
||||
router.put('/:id', requireRole(['admin', 'maintenance']), updateEmployee);
|
||||
router.delete('/:id', requireRole(['admin']), deleteEmployee);
|
||||
router.put('/:id/password', authMiddleware, changePassword);
|
||||
router.put('/:id/last-login', authMiddleware, updateLastLogin);
|
||||
router.get('/', validatePagination, handleValidationErrors, getEmployees);
|
||||
router.get('/:id', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), getEmployee);
|
||||
router.post('/', validateEmployee, handleValidationErrors, requireRole(['admin']), createEmployee);
|
||||
router.put('/:id', validateId, validateEmployeeUpdate, handleValidationErrors, requireRole(['admin', 'maintenance']), updateEmployee);
|
||||
router.delete('/:id', validateId, handleValidationErrors, requireRole(['admin']), deleteEmployee);
|
||||
|
||||
// Password & Login Routes
|
||||
router.put('/:id/password', validateId, validateChangePassword, handleValidationErrors, changePassword);
|
||||
router.put('/:id/last-login', validateId, handleValidationErrors, updateLastLogin);
|
||||
|
||||
// Availability Routes
|
||||
router.get('/:employeeId/availabilities', authMiddleware, getAvailabilities);
|
||||
router.put('/:employeeId/availabilities', authMiddleware, updateAvailabilities);
|
||||
router.get('/:employeeId/availabilities', validateEmployeeId, handleValidationErrors, getAvailabilities);
|
||||
router.put('/:employeeId/availabilities', validateEmployeeId, validateAvailabilities, handleValidationErrors, updateAvailabilities);
|
||||
|
||||
export default router;
|
||||
@@ -1,4 +1,3 @@
|
||||
// backend/src/routes/scheduledShifts.ts
|
||||
import express from 'express';
|
||||
import { authMiddleware, requireRole } from '../middleware/auth.js';
|
||||
import {
|
||||
@@ -8,23 +7,21 @@ import {
|
||||
getScheduledShiftsFromPlan,
|
||||
updateScheduledShift
|
||||
} from '../controllers/shiftPlanController.js';
|
||||
import {
|
||||
validateId,
|
||||
validatePlanId,
|
||||
validateScheduledShiftUpdate,
|
||||
handleValidationErrors
|
||||
} from '../middleware/validation.js';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
router.use(authMiddleware);
|
||||
|
||||
|
||||
router.post('/:id/generate-shifts', requireRole(['admin', 'maintenance']), generateScheduledShiftsForPlan);
|
||||
|
||||
router.post('/:id/regenerate-shifts', requireRole(['admin', 'maintenance']), regenerateScheduledShifts);
|
||||
|
||||
// GET all scheduled shifts for a plan
|
||||
router.get('/plan/:planId', authMiddleware, getScheduledShiftsFromPlan);
|
||||
|
||||
// GET specific scheduled shift
|
||||
router.get('/:id', authMiddleware, getScheduledShift);
|
||||
|
||||
// UPDATE scheduled shift
|
||||
router.put('/:id', authMiddleware, updateScheduledShift);
|
||||
router.post('/:id/generate-shifts', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), generateScheduledShiftsForPlan);
|
||||
router.post('/:id/regenerate-shifts', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), regenerateScheduledShifts);
|
||||
router.get('/plan/:planId', validatePlanId, handleValidationErrors, getScheduledShiftsFromPlan);
|
||||
router.get('/:id', validateId, handleValidationErrors, getScheduledShift);
|
||||
router.put('/:id', validateId, validateScheduledShiftUpdate, handleValidationErrors, updateScheduledShift);
|
||||
|
||||
export default router;
|
||||
@@ -1,9 +1,10 @@
|
||||
import express from 'express';
|
||||
import { SchedulingService } from '../services/SchedulingService.js';
|
||||
import { validateSchedulingRequest, handleValidationErrors } from '../middleware/validation.js';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
router.post('/generate-schedule', async (req, res) => {
|
||||
router.post('/generate-schedule', validateSchedulingRequest, handleValidationErrors, async (req: express.Request, res: express.Response) => {
|
||||
try {
|
||||
const { shiftPlan, employees, availabilities, constraints } = req.body;
|
||||
|
||||
@@ -14,18 +15,6 @@ router.post('/generate-schedule', async (req, res) => {
|
||||
constraintCount: constraints?.length
|
||||
});
|
||||
|
||||
// Validate required data
|
||||
if (!shiftPlan || !employees || !availabilities) {
|
||||
return res.status(400).json({
|
||||
error: 'Missing required data',
|
||||
details: {
|
||||
shiftPlan: !!shiftPlan,
|
||||
employees: !!employees,
|
||||
availabilities: !!availabilities
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
const scheduler = new SchedulingService();
|
||||
const result = await scheduler.generateOptimalSchedule({
|
||||
shiftPlan,
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
// backend/src/routes/setup.ts
|
||||
import express from 'express';
|
||||
import { checkSetupStatus, setupAdmin } from '../controllers/setupController.js';
|
||||
import { validateSetupAdmin, handleValidationErrors } from '../middleware/validation.js';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
router.get('/status', checkSetupStatus);
|
||||
router.post('/admin', setupAdmin);
|
||||
router.post('/admin', validateSetupAdmin, handleValidationErrors, setupAdmin);
|
||||
|
||||
export default router;
|
||||
@@ -1,4 +1,3 @@
|
||||
// backend/src/routes/shiftPlans.ts
|
||||
import express from 'express';
|
||||
import { authMiddleware, requireRole } from '../middleware/auth.js';
|
||||
import {
|
||||
@@ -10,32 +9,25 @@ import {
|
||||
createFromPreset,
|
||||
clearAssignments
|
||||
} from '../controllers/shiftPlanController.js';
|
||||
import {
|
||||
validateShiftPlan,
|
||||
validateShiftPlanUpdate,
|
||||
validateCreateFromPreset,
|
||||
handleValidationErrors,
|
||||
validateId
|
||||
} from '../middleware/validation.js';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
router.use(authMiddleware);
|
||||
|
||||
// Combined routes for both shift plans and templates
|
||||
|
||||
// GET all shift plans (including templates)
|
||||
router.get('/' , authMiddleware, getShiftPlans);
|
||||
|
||||
// GET specific shift plan or template
|
||||
router.get('/:id', authMiddleware, getShiftPlan);
|
||||
|
||||
// POST create new shift plan
|
||||
router.post('/', requireRole(['admin', 'maintenance']), createShiftPlan);
|
||||
|
||||
// POST create new plan from preset
|
||||
router.post('/from-preset', requireRole(['admin', 'maintenance']), createFromPreset);
|
||||
|
||||
// PUT update shift plan or template
|
||||
router.put('/:id', requireRole(['admin', 'maintenance']), updateShiftPlan);
|
||||
|
||||
// DELETE shift plan or template
|
||||
router.delete('/:id', requireRole(['admin', 'maintenance']), deleteShiftPlan);
|
||||
|
||||
// POST clear assignments and reset to draft
|
||||
router.post('/:id/clear-assignments', requireRole(['admin', 'maintenance']), clearAssignments);
|
||||
router.get('/', getShiftPlans);
|
||||
router.get('/:id', validateId, handleValidationErrors, getShiftPlan);
|
||||
router.post('/', validateShiftPlan, handleValidationErrors, requireRole(['admin', 'maintenance']), createShiftPlan);
|
||||
router.post('/from-preset', validateCreateFromPreset, handleValidationErrors, requireRole(['admin', 'maintenance']), createFromPreset);
|
||||
router.put('/:id', validateId, validateShiftPlanUpdate, handleValidationErrors, requireRole(['admin', 'maintenance']), updateShiftPlan);
|
||||
router.delete('/:id', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), deleteShiftPlan);
|
||||
router.post('/:id/clear-assignments', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), clearAssignments);
|
||||
|
||||
export default router;
|
||||
Reference in New Issue
Block a user