158 lines
4.4 KiB
TypeScript
158 lines
4.4 KiB
TypeScript
import { Router } from 'express';
|
|
import eventsController from '../controllers/events.controller';
|
|
import { authenticate, optionalAuth } from '../middleware/auth.middleware';
|
|
import { requireGroups } from '../middleware/rbac.middleware';
|
|
|
|
const router = Router();
|
|
|
|
/** Groups that may create, update, or cancel events */
|
|
const WRITE_GROUPS = ['dashboard_admin', 'dashboard_moderator'];
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Categories
|
|
// ---------------------------------------------------------------------------
|
|
|
|
/**
|
|
* GET /api/events/kategorien
|
|
* List all event categories. Any authenticated user can read.
|
|
*/
|
|
router.get('/kategorien', authenticate, eventsController.listKategorien.bind(eventsController));
|
|
|
|
/**
|
|
* POST /api/events/kategorien
|
|
* Create a new category. Requires admin or moderator.
|
|
*/
|
|
router.post(
|
|
'/kategorien',
|
|
authenticate,
|
|
requireGroups(WRITE_GROUPS),
|
|
eventsController.createKategorie.bind(eventsController)
|
|
);
|
|
|
|
/**
|
|
* PATCH /api/events/kategorien/:id
|
|
* Update an existing category. Requires admin or moderator.
|
|
*/
|
|
router.patch(
|
|
'/kategorien/:id',
|
|
authenticate,
|
|
requireGroups(WRITE_GROUPS),
|
|
eventsController.updateKategorie.bind(eventsController)
|
|
);
|
|
|
|
/**
|
|
* DELETE /api/events/kategorien/:id
|
|
* Delete a category (only if no events reference it). Requires admin or moderator.
|
|
*/
|
|
router.delete(
|
|
'/kategorien/:id',
|
|
authenticate,
|
|
requireGroups(WRITE_GROUPS),
|
|
eventsController.deleteKategorie.bind(eventsController)
|
|
);
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Known groups list (used by frontend to populate zielgruppen picker)
|
|
// ---------------------------------------------------------------------------
|
|
|
|
/**
|
|
* GET /api/events/groups
|
|
* Returns the list of known Authentik groups with human-readable labels.
|
|
*/
|
|
router.get('/groups', authenticate, eventsController.getAvailableGroups.bind(eventsController));
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Calendar & upcoming — specific routes must come before /:id
|
|
// ---------------------------------------------------------------------------
|
|
|
|
/**
|
|
* GET /api/events/calendar?from=<ISO>&to=<ISO>
|
|
* Events in a date range, filtered by the requesting user's groups.
|
|
* Optional auth — unauthenticated callers only see alle_gruppen events.
|
|
*/
|
|
router.get('/calendar', optionalAuth, eventsController.getCalendarRange.bind(eventsController));
|
|
|
|
/**
|
|
* GET /api/events/upcoming?limit=10
|
|
* Next N upcoming events visible to the requesting user.
|
|
*/
|
|
router.get('/upcoming', optionalAuth, eventsController.getUpcoming.bind(eventsController));
|
|
|
|
/**
|
|
* GET /api/events/calendar-token
|
|
* Returns (or creates) the user's personal iCal subscribe token + URL.
|
|
* Requires authentication.
|
|
*/
|
|
router.get(
|
|
'/calendar-token',
|
|
authenticate,
|
|
eventsController.getCalendarToken.bind(eventsController)
|
|
);
|
|
|
|
/**
|
|
* GET /api/events/calendar.ics?token=<token>
|
|
* iCal feed — authenticated via per-user opaque token.
|
|
* No Bearer token required; calendar clients use the token query param.
|
|
*/
|
|
router.get(
|
|
'/calendar.ics',
|
|
optionalAuth,
|
|
eventsController.getIcalExport.bind(eventsController)
|
|
);
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Events CRUD
|
|
// ---------------------------------------------------------------------------
|
|
|
|
/**
|
|
* POST /api/events
|
|
* Create a new event. Requires admin or moderator.
|
|
*/
|
|
router.post(
|
|
'/',
|
|
authenticate,
|
|
requireGroups(WRITE_GROUPS),
|
|
eventsController.createEvent.bind(eventsController)
|
|
);
|
|
|
|
/**
|
|
* GET /api/events/:id
|
|
* Single event detail. Any authenticated user.
|
|
*/
|
|
router.get('/:id', authenticate, eventsController.getById.bind(eventsController));
|
|
|
|
/**
|
|
* PATCH /api/events/:id
|
|
* Update an existing event. Requires admin or moderator.
|
|
*/
|
|
router.patch(
|
|
'/:id',
|
|
authenticate,
|
|
requireGroups(WRITE_GROUPS),
|
|
eventsController.updateEvent.bind(eventsController)
|
|
);
|
|
|
|
/**
|
|
* DELETE /api/events/:id
|
|
* Soft-cancel an event (sets abgesagt=TRUE + reason). Requires admin or moderator.
|
|
*/
|
|
router.delete(
|
|
'/:id',
|
|
authenticate,
|
|
requireGroups(WRITE_GROUPS),
|
|
eventsController.cancelEvent.bind(eventsController)
|
|
);
|
|
|
|
/**
|
|
* POST /api/events/:id/delete
|
|
* Hard-delete an event permanently. Requires admin or moderator.
|
|
*/
|
|
router.post(
|
|
'/:id/delete',
|
|
authenticate,
|
|
requireGroups(WRITE_GROUPS),
|
|
eventsController.deleteEvent.bind(eventsController)
|
|
);
|
|
|
|
export default router;
|