richardtekula 2d6198b5f8 fix: Add admin-only protection to sensitive routes
- GET /admin/users now requires admin role
- GET /time-tracking/running-all now requires admin role
- GET /notes now requires admin role
- GET /audit-logs now requires admin role

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-16 08:39:21 +01:00


import express from 'express';
import * as noteController from '../controllers/note.controller.js';
import { authenticate } from '../middlewares/auth/authMiddleware.js';
import { requireAdmin } from '../middlewares/auth/roleMiddleware.js';
import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
import { createNoteSchema, updateNoteSchema } from '../validators/crm.validators.js';
import { z } from 'zod';
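const router = express.Router();

// All note routes require authentication.
router.use(authenticate);

// Shared param schema: every per-note route takes a UUID `noteId`.
// Hoisted so the four routes below validate the same shape and cannot
// drift apart when one of them is edited.
const noteIdParamsSchema = z.object({ noteId: z.string().uuid() });

/**
 * Note management
 */

// Get all notes (admin only - returns all notes system-wide).
router.get('/', requireAdmin, noteController.getAllNotes);

// Get my reminders (must be before /:noteId to avoid route conflict).
router.get('/my-reminders', noteController.getMyReminders);

// NOTE(review): the per-note routes below are authenticated but not
// admin-gated; restricting a note to its owner is expected to happen in
// noteController — confirm there, this file does not enforce it.

// Get note by ID.
router.get(
  '/:noteId',
  validateParams(noteIdParamsSchema),
  noteController.getNoteById
);

// Create new note (body validated against createNoteSchema).
router.post('/', validateBody(createNoteSchema), noteController.createNote);

// Update note (params and body validated).
router.patch(
  '/:noteId',
  validateParams(noteIdParamsSchema),
  validateBody(updateNoteSchema),
  noteController.updateNote
);

// Delete note.
router.delete(
  '/:noteId',
  validateParams(noteIdParamsSchema),
  noteController.deleteNote
);

// Mark reminder as sent.
router.post(
  '/:noteId/mark-reminder-sent',
  validateParams(noteIdParamsSchema),
  noteController.markReminderSent
);

export default router;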