added express payload validation

2025-12-01 06:55:45 +01:00 · 2025-10-28 18:58:58 +01:00
parent a838ba44e8
commit 5f8a6bef31
12 changed files with 1490 additions and 793 deletions
--- a/backend/src/routes/shiftPlans.ts
+++ b/backend/src/routes/shiftPlans.ts
@@ -1,4 +1,3 @@
-// backend/src/routes/shiftPlans.ts
 import express from 'express';
 import { authMiddleware, requireRole } from '../middleware/auth.js';
 import { 
@@ -10,32 +9,25 @@ import {
  createFromPreset,
  clearAssignments
 } from '../controllers/shiftPlanController.js';
+import { 
+  validateShiftPlan, 
+  validateShiftPlanUpdate, 
+  validateCreateFromPreset, 
+  handleValidationErrors, 
+  validateId 
+} from '../middleware/validation.js';

 const router = express.Router();

 router.use(authMiddleware);

 // Combined routes for both shift plans and templates
-
-// GET all shift plans (including templates)
-router.get('/' , authMiddleware, getShiftPlans);
-
-// GET specific shift plan or template
-router.get('/:id', authMiddleware, getShiftPlan);
-
-// POST create new shift plan
-router.post('/', requireRole(['admin', 'maintenance']), createShiftPlan);
-
-// POST create new plan from preset
-router.post('/from-preset', requireRole(['admin', 'maintenance']), createFromPreset);
-
-// PUT update shift plan or template
-router.put('/:id', requireRole(['admin', 'maintenance']), updateShiftPlan);
-
-// DELETE shift plan or template
-router.delete('/:id', requireRole(['admin', 'maintenance']), deleteShiftPlan);
-
-// POST clear assignments and reset to draft
-router.post('/:id/clear-assignments', requireRole(['admin', 'maintenance']), clearAssignments);
+router.get('/', getShiftPlans);
+router.get('/:id', validateId, handleValidationErrors, getShiftPlan);
+router.post('/', validateShiftPlan, handleValidationErrors, requireRole(['admin', 'maintenance']), createShiftPlan);
+router.post('/from-preset', validateCreateFromPreset, handleValidationErrors, requireRole(['admin', 'maintenance']), createFromPreset);
+router.put('/:id', validateId, validateShiftPlanUpdate, handleValidationErrors, requireRole(['admin', 'maintenance']), updateShiftPlan);
+router.delete('/:id', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), deleteShiftPlan);
+router.post('/:id/clear-assignments', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), clearAssignments);

 export default router;