'use strict'; module.exports = function (app) { const router = require('express').Router(), { authAllowAdmin } = require('../middlewares/validate'), partnerCtl = require('../controllers/partner'), mongoose = require('mongoose'); // Middleware to validate ObjectId const validateObjectId = (req, res, next) => { const { id } = req.params; if (id && !mongoose.Types.ObjectId.isValid(id)) { return res.status(400).json({ error: 'Invalid ID format' }); } next(); }; // Partner organization routes - follow job route conventions router.route('/') .get(partnerCtl.getPartners_get) .post(authAllowAdmin(), partnerCtl.createPartner_post); // Get all customers for a given partner router.get('/customers', partnerCtl.getPartnerCustomers_get); // Partner system user routes - REST-style consistent with partners router.route('/systemUsers') .get(partnerCtl.getSystemUsers_get) .post(partnerCtl.createSystemUser_post); // Test partner system user authentication router.post('/systemUsers/testAuth', partnerCtl.testPartnerAuth_post); // Get current (first active) system user for a given partner+customer router.get('/systemUsers/current', partnerCtl.getCurrentSystemUser_get); // Get aircraft list from partner system router.get('/aircraft', partnerCtl.getPartnerAircraft_get); router.post('/syncData', partnerCtl.syncData_post); router.post('/uploadJob', partnerCtl.uploadJob_post); // Partner System User routes with ID validation router.route('/systemUsers/:id') .get(validateObjectId, partnerCtl.getSystemUser_get) .put(validateObjectId, partnerCtl.updateSystemUser_put) .delete(validateObjectId, partnerCtl.deleteSystemUser); // Partner organization routes with ID validation router.route('/:id') .get(validateObjectId, partnerCtl.getPartnerById_get) .put(validateObjectId, authAllowAdmin(), partnerCtl.updatePartner_put) .delete(validateObjectId, authAllowAdmin(), partnerCtl.deletePartner); app.use('/api/partners', router); }