@@ -69,6 +69,38 @@ app.get('/api/faqs', async (_, res) => {
6969 res . status ( 200 ) . send ( JSON . stringify ( faqs ) ) ;
7070} ) ;
7171
72+ /**
73+ * Creates a new blog post.
74+ *
75+ * @remarks
76+ * This endpoint allows an authenticated user to create a new blog post.
77+ * The request body must include a valid `BlogPost` object containing
78+ * at least a `title`, `content`, and `apartment`. If any of these
79+ * required fields are missing, the request will fail with a 401 error.
80+ *
81+ * The new post is initialized with:
82+ * - `likes`: 0
83+ * - `status`: "PENDING"
84+ * - `comments`: an empty array
85+ * - `date`: parsed from the request body
86+ *
87+ * @route POST /api/new-blog-post
88+ *
89+ * @requestBody
90+ * {
91+ * "title": string,
92+ * "content": string,
93+ * "apartment": string,
94+ * "date": string,
95+ * "userId": string,
96+ * ...
97+ * }
98+ *
99+ * @status
100+ * - 201: Blog post created successfully. Returns the new document ID.
101+ * - 401: Missing fields or authentication error.
102+ * - 500: Unexpected server error.
103+ */
72104app . post ( '/api/new-blog-post' , authenticate , async ( req , res ) => {
73105 try {
74106 const doc = blogPostCollection . doc ( ) ;
@@ -90,6 +122,29 @@ app.post('/api/new-blog-post', authenticate, async (req, res) => {
90122 }
91123} ) ;
92124
125+ /**
126+ * Soft-deletes a blog post by marking it as `DELETED`.
127+ *
128+ * @remarks
129+ * This endpoint allows an authenticated user or admin to mark a blog post
130+ * as deleted. The blog post is not permanently removed from the database;
131+ * its `status` field is updated to `"DELETED"`.
132+ *
133+ * Authorization:
134+ * - A post can be deleted only by its creator (`userId` === `req.user.uid`)
135+ * or by a user whose email is included in the `admins` list.
136+ *
137+ * @route PUT /api/delete-blog-post/:blogPostId
138+ *
139+ * @pathParam blogPostId - The unique ID of the blog post document to delete.
140+ *
141+ * @status
142+ * - 200: Blog post successfully marked as deleted.
143+ * - 403: User is not authorized to delete this post.
144+ * - 404: Blog post not found.
145+ * - 500: Error updating the blog post status.
146+ */
147+
93148app . put ( '/api/delete-blog-post/:blogPostId' , authenticate , async ( req , res ) => {
94149 if ( ! req . user ) throw new Error ( 'Not authenticated' ) ;
95150 const { blogPostId } = req . params ; // Extract the blog post document ID from the request parameters
@@ -117,6 +172,29 @@ app.put('/api/delete-blog-post/:blogPostId', authenticate, async (req, res) => {
117172 }
118173} ) ;
119174
175+ /**
176+ * Soft-deletes a blog post by marking it as `DELETED`.
177+ *
178+ * @remarks
179+ * This endpoint allows an authenticated user or admin to mark a blog post
180+ * as deleted. The blog post is not permanently removed from the database;
181+ * its `status` field is updated to `"DELETED"`.
182+ *
183+ * Authorization:
184+ * - A post can be deleted only by its creator (`userId` === `req.user.uid`)
185+ * or by a user whose email is included in the `admins` list.
186+ *
187+ * @route PUT /api/delete-blog-post/:blogPostId
188+ *
189+ * @pathParam blogPostId - The unique ID of the blog post document to delete.
190+ *
191+ * @status
192+ * - 200: Blog post successfully marked as deleted.
193+ * - 403: User is not authorized to delete this post.
194+ * - 404: Blog post not found.
195+ * - 500: Error updating the blog post status.
196+ */
197+
120198app . post ( '/api/edit-blog-post/:blogPostId' , authenticate , async ( req , res ) => {
121199 if ( ! req . user ) {
122200 throw new Error ( 'not authenticated' ) ;
0 commit comments