feat(sim-builder): фаза 3 — БД custom_sims + CRUD API с валидацией спеки и проверкой владения

backend/src/routes/customSims.js

@@ -0,0 +1,23 @@
+'use strict';
+/* /api/custom-sims — CRUD спек-симуляций «Конструктора симуляций» (Фаза 3).
+ * Read-роуты — auth-only (видимость своих + published проверяет контроллер).
+ * Мутации — inline requireRole('teacher','admin') + per-row ownership в хендлере.
+ * НЕ blanket requireRole на роутере: список/чтение доступны и ученику (published). */
+const express = require('express');
+const router  = express.Router();
+const { authMiddleware, requireRole } = require('../middleware/auth');
+const c = require('../controllers/customSimController');
+
+router.use(authMiddleware);
+
+router.get('/',    c.list);
+// @public-by-design: router-level authMiddleware (above) + ownership/published check in handler
+router.get('/:id', c.get);
+
+router.post('/', requireRole('teacher', 'admin'), c.create);
+// @public-by-design: router-level authMiddleware (above) + per-row ownership check in handler
+router.put('/:id',    requireRole('teacher', 'admin'), c.update);
+// @public-by-design: router-level authMiddleware (above) + per-row ownership check in handler
+router.delete('/:id', requireRole('teacher', 'admin'), c.remove);
+
+module.exports = router;