feat: avatar moderation — ученик загружает фото, учитель/админ подтверждает или отклоняет

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-14 20:55:45 +03:00
parent 6429e07606
commit c2eb319162
8 changed files with 422 additions and 22 deletions
@@ -0,0 +1,40 @@
+const express  = require('express');
+const router   = express.Router();
+const multer   = require('multer');
+const path     = require('path');
+const crypto   = require('crypto');
+const { authMiddleware, requireRole } = require('../middleware/auth');
+const ctrl     = require('../controllers/avatarController');
+
+/* ── multer: avatars only, 2 MB ────────────────────────────────────────── */
+const AVATARS_DIR  = path.join(__dirname, '../../uploads/avatars');
+const AVATAR_TYPES = new Set(['image/png', 'image/jpeg', 'image/webp']);
+
+const storage = multer.diskStorage({
+    destination: AVATARS_DIR,
+    filename: (_req, file, cb) => {
+        const ext  = path.extname(file.originalname).toLowerCase();
+        const name = crypto.randomBytes(16).toString('hex') + ext;
+        cb(null, name);
+    },
+});
+
+const upload = multer({
+    storage,
+    limits: { fileSize: 2 * 1024 * 1024 }, // 2 MB
+    fileFilter: (_req, file, cb) => {
+        cb(null, AVATAR_TYPES.has(file.mimetype));
+    },
+});
+
+/* ── student routes ─────────────────────────────────────────────────────── */
+router.post('/request',   authMiddleware, upload.single('avatar'), ctrl.requestAvatar);
+router.get('/my-status',  authMiddleware, ctrl.myStatus);
+router.delete('/me',      authMiddleware, ctrl.removeAvatar);
+
+/* ── moderator routes (teacher or admin) ────────────────────────────────── */
+router.get('/pending',        authMiddleware, requireRole('teacher', 'admin'), ctrl.getPending);
+router.post('/:id/approve',   authMiddleware, requireRole('teacher', 'admin'), ctrl.approveAvatar);
+router.post('/:id/reject',    authMiddleware, requireRole('teacher', 'admin'), ctrl.rejectAvatar);
+
+module.exports = router;