SynBioShop/routes.js at master · TeamMacLean/SynBioShop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
const express = require("express");
const router = express.Router();
const path = require("path");

const Util = require("./lib/util");
const config = require("./config");

function isAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  } else {
    req.session.returnTo = req.path;
    return res.redirect("/signin");
  }
}

function isAdmin(req, res, next) {
  if (req.user && Util.isAdmin(req.user.username)) {
    return next();
  } else {
    return res
      .status(403)
      .send("Access Denied: You do not have administrator privileges.");
  }
}

// --- Controller Imports ---
const docs = require("./controllers/documents");
const premade = require("./controllers/premade");
const custom = require("./controllers/custom");
const recent = require("./controllers/recent");
const search = require("./controllers/search");
const auth = require("./controllers/auth");
const shoppingCart = require("./controllers/shoppingCart");
const orders = require("./controllers/orders");
const upload = require("./controllers/upload");
const admin = require("./controllers/admin");
const budgetHolder = require("./controllers/budgetHolder");

// --- Global/Root Routes ---
router.get("/", (req, res) => res.render("index"));
router.get("/whoamoi", isAuthenticated, auth.whoami);
router.post("/check-ldap-user", auth.checkLDAPUser);

// --- Authentication Routes ---
router.get("/signin", auth.signIn);
router.post("/signin", auth.signInPost);
router.get("/signout", isAuthenticated, auth.signOut);

// --- Admin-Specific Routes ---
router
  .route("/admin/billboard")
  .all(isAuthenticated, isAdmin) // Chained middleware
  .get(admin.billboard.edit)
  .post(admin.billboard.editPost);

// --- Documentation (Docs) Routes ---
router.get("/docs", docs.index);
router
  .route("/docs/rearrange")
  .all(isAuthenticated, isAdmin)
  .get(docs.rearrange)
  .post(docs.rearrangeSave);

router
  .route("/docs/new")
  .all(isAuthenticated, isAdmin)
  .get(docs.subject.new)
  .post(docs.subject.save);

router.get("/docs/:subjectID", docs.subject.show);
router
  .route("/docs/:subjectID/rename")
  .all(isAuthenticated, isAdmin)
  .get(docs.subject.rename)
  .post(docs.subject.save);

// use post not get now
router.post(
  "/docs/:subjectID/disable",
  isAuthenticated,
  isAdmin,
  docs.subject.disable,
);
router.post(
  "/docs/:subjectID/delete",
  isAuthenticated,
  isAdmin,
  docs.subject.delete,
);
router.post(
  "/docs/:subjectID/enable",
  isAuthenticated,
  isAdmin,
  docs.subject.enable,
);

router
  .route("/docs/:subjectID/new")
  .all(isAuthenticated, isAdmin)
  .get(docs.document.new)
  .post(docs.document.save);

// redundant?
router
  .route("/docs/:subjectID/addsubject")
  .all(isAuthenticated, isAdmin)
  .get(docs.subject.new)
  .post(docs.subject.save);

router.get("/docs/item/:itemID", docs.document.show);
router
  .route("/docs/item/:itemID/edit")
  .all(isAuthenticated, isAdmin)
  .get(docs.document.edit)
  .post(docs.document.save);

// changed from get to post
router.post(
  "/docs/item/:itemID/disable",
  isAuthenticated,
  isAdmin,
  docs.document.disable,
);
router.post(
  "/docs/item/:itemID/enable",
  isAuthenticated,
  isAdmin,
  docs.document.enable,
);
router.post(
  "/docs/item/:itemID/delete",
  isAuthenticated,
  isAdmin,
  docs.document.delete,
);

// --- Premade Item Management Routes ---
// Removed `if (!config.disablePremade)` around the entire block.
// Controller logic (e.g., premade.index) should handle redirects if disabled.
router.get("/premade", isAuthenticated, premade.index);
router.get("/premade/export", isAuthenticated, premade.export);

router
  .route("/premade/rearrange")
  .all(isAuthenticated, isAdmin)
  .get(premade.rearrange)
  .post(premade.rearrangeSave);

router
  .route("/premade/new")
  .all(isAuthenticated, isAdmin)
  .get(premade.db.new)
  .post(premade.db.save);

router.get("/premade/:id", isAuthenticated, premade.db.show); // Show DB
router.post("/premade/:id/edit", isAuthenticated, isAdmin, premade.db.save); // POST to save DB edits
router.get("/premade/:id/edit", isAuthenticated, isAdmin, premade.db.edit); // GET to show DB edit form

// DB disable/enable/delete (changed from GET to POST for state-changing actions)
router.post(
  "/premade/:id/disable",
  isAuthenticated,
  isAdmin,
  premade.db.disable,
);
router.post("/premade/:id/enable", isAuthenticated, isAdmin, premade.db.enable);
router.post("/premade/:id/delete", isAuthenticated, isAdmin, premade.db.delete);

router // For new Categories within a DB
  .route("/premade/:id/new") // The `:id` here refers to DB ID
  .all(isAuthenticated, isAdmin)
  .get(premade.category.new)
  .post(premade.category.save);

router.get(
  "/premade/category/:categoryID",
  isAuthenticated,
  premade.category.show,
);
router.post(
  "/premade/category/:categoryID/edit",
  isAuthenticated,
  isAdmin,
  premade.category.save,
); // POST to save category edits
router.get(
  "/premade/category/:categoryID/edit",
  isAuthenticated,
  isAdmin,
  premade.category.edit,
); // GET to show category edit form

// Category disable/enable/delete (changed from GET to POST)
router.post(
  "/premade/category/:categoryID/disable",
  isAuthenticated,
  isAdmin,
  premade.category.disable,
);
router.post(
  "/premade/category/:categoryID/enable",
  isAuthenticated,
  isAdmin,
  premade.category.enable,
);
router.post(
  "/premade/category/:categoryID/delete",
  isAuthenticated,
  isAdmin,
  premade.category.delete,
);

router // For new Items within a Category
  .route("/premade/category/:categoryID/new")
  .all(isAuthenticated, isAdmin)
  .get(premade.item.new)
  .post(premade.item.save);

router.get("/premade/item/:itemID", isAuthenticated, premade.item.show);
router.post(
  "/premade/item/:itemID/edit",
  isAuthenticated,
  isAdmin,
  premade.item.save,
); // POST to save item edits
router.get(
  "/premade/item/:itemID/edit",
  isAuthenticated,
  isAdmin,
  premade.item.edit,
); // GET to show item edit form

// Item disable/enable/delete (changed from GET to POST)
router.post(
  "/premade/item/:itemID/disable",
  isAuthenticated,
  isAdmin,
  premade.item.disable,
);
router.post(
  "/premade/item/:itemID/enable",
  isAuthenticated,
  isAdmin,
  premade.item.enable,
);
router.post(
  "/premade/item/:itemID/delete",
  isAuthenticated,
  isAdmin,
  premade.item.delete,
); // This is the premade item deletion

// Sequence File Upload and Delete for Items
// HOWDY
router.post(
  "/premade/item/:itemID/uploadSequenceFile",
  isAuthenticated,
  isAdmin,
  upload.uploadSequenceFile,
);
router.post(
  "/premade/item/:itemID/deleteSequenceFile",
  isAuthenticated,
  isAdmin,
  upload.deleteSequenceFile,
);

// --- Custom Routes ---
router.get("/custom", isAuthenticated, custom.index);

// --- Recently Added Items Routes ---
router.get("/recently-added-items", isAuthenticated, recent.index); // Renamed from '/recent' to match content

// --- Search Routes ---
router.get("/search", isAuthenticated, search.index);

// --- Shopping Cart Routes ---
// Removed `if (!config.disableCart)` around the block.
router.get("/cart", isAuthenticated, shoppingCart.index);
router.post("/cart/order", isAuthenticated, shoppingCart.placeOrder);
router.post("/cart/add", isAuthenticated, shoppingCart.addViaPostRoute); // Use a new method name

// --- Budget Holder Management Routes (Admin Only) ---
router.get(
  "/budget",
  isAuthenticated,
  budgetHolder.ensureAdmin,
  budgetHolder.index,
);
router.get(
  "/budget/new",
  isAuthenticated,
  budgetHolder.ensureAdmin,
  budgetHolder.new,
);
router.post(
  "/budget",
  isAuthenticated,
  budgetHolder.ensureAdmin,
  budgetHolder.create,
);
router.get(
  "/budget/:id/edit",
  isAuthenticated,
  budgetHolder.ensureAdmin,
  budgetHolder.edit,
);
router.post(
  "/budget/:id",
  isAuthenticated,
  budgetHolder.ensureAdmin,
  budgetHolder.update,
);
router.post(
  "/budget/:id/delete",
  isAuthenticated,
  budgetHolder.ensureAdmin,
  budgetHolder.delete,
);

// --- File Upload & Management Routes (General) ---
// Changed from .route('/upload') to separate GET/POST for clarity
router.post("/upload", isAuthenticated, isAdmin, upload.uploadFilePost); // For general file uploads

router.post("/imageupload", isAuthenticated, isAdmin, upload.uploadImagePost); // For image uploads (e.g., from TinyMCE)

router.get("/filemanager", isAuthenticated, isAdmin, upload.fileManager); // General file manager view
router.get("/filemanager/:id/download", upload.download); // Download specific file

// HOWDY
router.post(
  "/filemanager/:id/delete",
  isAuthenticated,
  isAdmin,
  upload.deleteFile,
);
router.get("/sequencefilemanager/:id/download", upload.downloadSequenceFile); // Download sequence file

// --- Orders Routes ---
router.get("/orders", isAuthenticated, isAdmin, orders.showAll);
router.get("/order/summary", isAuthenticated, isAdmin, orders.simonSummary);
router.get("/order/export", isAuthenticated, isAdmin, orders.exportOrders); // Export costed orders only
router.get(
  "/order/export-all",
  isAuthenticated,
  isAdmin,
  orders.exportAllOrders,
); // Export all orders (including non-costed)
router.get("/order/summary-data", isAuthenticated, isAdmin, orders.summaryData); // Get summary data for date range

router.get("/dupes", isAuthenticated, isAdmin, orders.simonRepeatOrders); // Route name 'dupes' could be more descriptive

router.get("/order/:id", isAuthenticated, isAdmin, orders.show); // Show specific order details

// Order state changes (changed from GET to POST for best practice)
router.post(
  "/order/:id/complete",
  isAuthenticated,
  isAdmin,
  orders.markAsComplete,
);
router.post(
  "/order/:id/incomplete",
  isAuthenticated,
  isAdmin,
  orders.markAsIncomplete,
);
router.post(
  "/order/:id/cancel",
  isAuthenticated,
  isAdmin,
  orders.markAsCancelled,
);
router.post(
  "/order/:id/uncancel",
  isAuthenticated,
  isAdmin,
  orders.markAsUnCancelled,
);

// --- 404 Catch-all ---
router.use("*", (req, res) => {
  // Use router.use for catch-all middleware
  console.log("404 Not Found:", req.method, req.originalUrl);
  res.status(404).render("404"); // Ensure 404 status is sent
});

module.exports = router;