import express from 'express' import { pool } from '../config/database.js' import slugify from 'slugify' import logger from '../utils/logger.js' const router = express.Router() const MAX_EXTERNAL_URL_LENGTH = 2048 function isValidExternalUrl(url) { if (typeof url !== 'string') return false const trimmed = url.trim() if (!trimmed || trimmed.length > MAX_EXTERNAL_URL_LENGTH) return false return trimmed.startsWith('http://') || trimmed.startsWith('https://') } // Get all posts for current user // Note: authenticateToken middleware is applied at server level, so req.user is available router.get('/', async (req, res) => { try { logger.transaction('FETCH_POSTS', { userId: req.user.id }) const query = 'SELECT id, title, slug, status, content_type, external_url, created_at, updated_at FROM posts WHERE user_id = $1 ORDER BY updated_at DESC' logger.db('SELECT', query, [req.user.id]) const result = await pool.query(query, [req.user.id]) logger.transaction('FETCH_POSTS_SUCCESS', { userId: req.user.id, count: result.rows.length }) res.json(result.rows) } catch (error) { logger.error('POSTS', 'Error fetching posts', error) res.status(500).json({ message: 'Failed to fetch posts', error: error.message }) } }) // Get single post by ID router.get('/:id', async (req, res) => { try { logger.transaction('FETCH_POST_BY_ID', { postId: req.params.id, userId: req.user.id }) const query = 'SELECT * FROM posts WHERE id = $1 AND user_id = $2' logger.db('SELECT', query, [req.params.id, req.user.id]) const result = await pool.query(query, [req.params.id, req.user.id]) if (result.rows.length === 0) { logger.warn('POSTS', 'Post not found', { postId: req.params.id, userId: req.user.id }) return res.status(404).json({ message: 'Post not found' }) } logger.transaction('FETCH_POST_BY_ID_SUCCESS', { postId: req.params.id, userId: req.user.id }) res.json(result.rows[0]) } catch (error) { logger.error('POSTS', 'Error fetching post', error) res.status(500).json({ message: 'Failed to fetch post', error: error.message }) } }) // Get post by slug (public) router.get('/slug/:slug', async (req, res) => { try { logger.transaction('FETCH_POST_BY_SLUG', { slug: req.params.slug }) const query = 'SELECT * FROM posts WHERE slug = $1 AND status = $2' logger.db('SELECT', query, [req.params.slug, 'published']) const result = await pool.query(query, [req.params.slug, 'published']) if (result.rows.length === 0) { logger.warn('POSTS', 'Post not found by slug', { slug: req.params.slug }) return res.status(404).json({ message: 'Post not found' }) } logger.transaction('FETCH_POST_BY_SLUG_SUCCESS', { slug: req.params.slug, postId: result.rows[0].id }) res.json(result.rows[0]) } catch (error) { logger.error('POSTS', 'Error fetching post by slug', error) res.status(500).json({ message: 'Failed to fetch post', error: error.message }) } }) // Create post router.post('/', async (req, res) => { try { const { title, content_json, content_type, external_url, status } = req.body logger.transaction('CREATE_POST', { userId: req.user.id, title: title?.substring(0, 50), status: status || 'draft', content_type: content_type || 'tiptap' }) const isLinkPost = content_type === 'link' if (isLinkPost) { if (!title || typeof title !== 'string' || !title.trim()) { return res.status(400).json({ message: 'Title is required' }) } if (!external_url || !isValidExternalUrl(external_url)) { return res.status(400).json({ message: 'Valid external URL is required (http:// or https://, max 2048 characters)' }) } } else { if (!title || !content_json) { logger.warn('POSTS', 'Missing required fields', { hasTitle: !!title, hasContent: !!content_json }) return res.status(400).json({ message: 'Title and content are required' }) } } const slug = slugify(title, { lower: true, strict: true }) + '-' + Date.now() const postStatus = status || 'draft' const contentType = isLinkPost ? 'link' : (content_type || 'tiptap') const contentJson = isLinkPost ? {} : content_json const externalUrl = isLinkPost ? external_url.trim() : null const query = `INSERT INTO posts (user_id, title, content_json, slug, status, content_type, external_url) VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING *` logger.db('INSERT', query, [req.user.id, title, '[content_json]', slug, postStatus, contentType, externalUrl]) const result = await pool.query(query, [ req.user.id, title, JSON.stringify(contentJson), slug, postStatus, contentType, externalUrl ]) logger.transaction('CREATE_POST_SUCCESS', { postId: result.rows[0].id, userId: req.user.id, slug: result.rows[0].slug }) res.status(201).json(result.rows[0]) } catch (error) { logger.error('POSTS', 'Error creating post', error) res.status(500).json({ message: 'Failed to create post', error: error.message }) } }) // Update post router.put('/:id', async (req, res) => { try { const { title, content_json, content_type, external_url, status } = req.body logger.transaction('UPDATE_POST', { postId: req.params.id, userId: req.user.id, updates: { title: title !== undefined, content: content_json !== undefined, status: status !== undefined, content_type: content_type !== undefined, external_url: external_url !== undefined } }) // Check if post exists and belongs to user const checkQuery = 'SELECT id FROM posts WHERE id = $1 AND user_id = $2' logger.db('SELECT', checkQuery, [req.params.id, req.user.id]) const existingPost = await pool.query(checkQuery, [req.params.id, req.user.id]) if (existingPost.rows.length === 0) { logger.warn('POSTS', 'Post not found for update', { postId: req.params.id, userId: req.user.id }) return res.status(404).json({ message: 'Post not found' }) } const isLinkUpdate = content_type === 'link' if (external_url !== undefined && isLinkUpdate && !isValidExternalUrl(external_url)) { return res.status(400).json({ message: 'Valid external URL is required (http:// or https://, max 2048 characters)' }) } if (content_type === 'link' && external_url === undefined) { return res.status(400).json({ message: 'external_url is required when content_type is link' }) } // Build update query dynamically const updates = [] const values = [] let paramCount = 1 if (title !== undefined) { updates.push(`title = $${paramCount++}`) values.push(title) } if (content_json !== undefined) { updates.push(`content_json = $${paramCount++}`) values.push(JSON.stringify(content_json)) } if (status !== undefined) { updates.push(`status = $${paramCount++}`) values.push(status) } if (content_type !== undefined) { updates.push(`content_type = $${paramCount++}`) values.push(content_type) } // When content_type is set to non-link, clear external_url; when link, set URL if (content_type !== undefined) { updates.push(`external_url = $${paramCount++}`) values.push(content_type === 'link' && external_url !== undefined ? external_url.trim() : null) } else if (external_url !== undefined) { updates.push(`external_url = $${paramCount++}`) values.push(external_url.trim()) } // Update slug if title changed if (title !== undefined) { const slug = slugify(title, { lower: true, strict: true }) + '-' + Date.now() updates.push(`slug = $${paramCount++}`) values.push(slug) } updates.push(`updated_at = NOW()`) values.push(req.params.id, req.user.id) const updateQuery = `UPDATE posts SET ${updates.join(', ')} WHERE id = $${paramCount} AND user_id = $${paramCount + 1} RETURNING *` logger.db('UPDATE', updateQuery, values) const result = await pool.query(updateQuery, values) logger.transaction('UPDATE_POST_SUCCESS', { postId: req.params.id, userId: req.user.id }) res.json(result.rows[0]) } catch (error) { logger.error('POSTS', 'Error updating post', error) res.status(500).json({ message: 'Failed to update post', error: error.message }) } }) // Delete post router.delete('/:id', async (req, res) => { try { logger.transaction('DELETE_POST', { postId: req.params.id, userId: req.user.id }) const query = 'DELETE FROM posts WHERE id = $1 AND user_id = $2 RETURNING id' logger.db('DELETE', query, [req.params.id, req.user.id]) const result = await pool.query(query, [req.params.id, req.user.id]) if (result.rows.length === 0) { logger.warn('POSTS', 'Post not found for deletion', { postId: req.params.id, userId: req.user.id }) return res.status(404).json({ message: 'Post not found' }) } logger.transaction('DELETE_POST_SUCCESS', { postId: req.params.id, userId: req.user.id }) res.json({ message: 'Post deleted successfully' }) } catch (error) { logger.error('POSTS', 'Error deleting post', error) res.status(500).json({ message: 'Failed to delete post', error: error.message }) } }) export default router